search

sherlock-audit / 2024-05-pooltogether-judging

8 stars 4 forks source link

newt - Unrestricted Access to mint Function #102

Closed sherlock-admin3 closed 2 months ago

sherlock-admin3 commented 3 months ago

newt

medium

Unrestricted Access to mint Function

Summary

The function is expected to be called by the vault (as stated in the comments) but there seems to be a missing access control. Which mean that any address can call it and it could be exploited to create an arbitrary amount of tokens, leading to inflation and loss of value.

Vulnerability Detail

The mint function does not restrict which address can call it, allowing any address to mint new tokens. This can lead to unauthorized token minting, resulting in inflation of the token supply and potential devaluation of the token.

Impact

Unlimited tokens can be minted. Token value could drop.

Code Snippet

function mint(address _to, uint96 _amount) external { if (_to == address(0)) { revert TransferToZeroAddress(); } _transferBalance(msg.sender, address(0), _to, _amount); }

https://github.com/sherlock-audit/2024-05-pooltogether/blob/main/pt-v5-twab-controller/src/TwabController.sol#L484-L489

Tool used

Manual Review

Recommendation

Use a modifier to control access.

nevillehuang commented 2 months ago

Invalid, This functions are meant to be called by the vault