Severity: gas

Unnecessary balance and address checks in `burn()` and `mint()`

Summary

The burn() and mint() functions in the DecentralizedStableCoin contract contain checks that the _burn() and _mint() functions of the inherited ERC20 implementation already perform. These duplicate checks add unnecessary gas cost and complexity to the contract.

Vulnerability Details

The burn() function checks if the burn amount is less than or equal to zero and if the owner's balance is less than the burn amount. Similarly, the mint() function checks if the destination address is the zero address.

```solidity
function burn(uint256 _amount) public override onlyOwner {
    uint256 balance = balanceOf(msg.sender);
    if (_amount <= 0) {
        revert DecentralizedStableCoin__MustBeMoreThanZero();
    }
    if (balance < _amount) { // <-------------------
        revert DecentralizedStableCoin__BurnAmountExceedsBalance();
    }
    super.burn(_amount);
}

function mint(address _to, uint256 _amount) external onlyOwner returns (bool) {
    if (_to == address(0)) { // <-------------------
        revert DecentralizedStableCoin__NotZeroAddress();
    }
    if (_amount <= 0) {
        revert DecentralizedStableCoin__MustBeMoreThanZero();
    }
    _mint(_to, _amount);
    return true;
}
```

Tools Used

Manual review

Recommendations

Consider removing the redundant checks from the burn and mint functions.

```solidity
function burn(uint256 _amount) public override onlyOwner {
    // The local balance read is dropped along with the check that used it.
    if (_amount <= 0) {
        revert DecentralizedStableCoin__MustBeMoreThanZero();
    }
    // The inherited _burn() reverts when the amount exceeds the balance.
    super.burn(_amount);
}

function mint(address _to, uint256 _amount) external onlyOwner returns (bool) {
    if (_amount <= 0) {
        revert DecentralizedStableCoin__MustBeMoreThanZero();
    }
    // The inherited _mint() reverts when _to is the zero address.
    _mint(_to, _amount);
    return true;
}
```
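
The redundancy claimed above can be confirmed with a test before the checks are removed. The following Foundry test is an added example, not part of the original submission or the project's code; it assumes forge-std and OpenZeppelin Contracts v4.x, and TrimmedStableCoin with its error name is a hypothetical stand-in for the trimmed contract.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example. Assumes Foundry (forge-std) and OpenZeppelin Contracts v4.x,
// where Ownable's constructor takes no arguments.
import {Test} from "forge-std/Test.sol";
import {ERC20, ERC20Burnable} from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Burnable.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

// Hypothetical stand-in for the contract with the two checks removed.
contract TrimmedStableCoin is ERC20Burnable, Ownable {
    error MustBeMoreThanZero();

    constructor() ERC20("TrimmedStableCoin", "TSC") {}

    function burn(uint256 _amount) public override onlyOwner {
        if (_amount == 0) revert MustBeMoreThanZero();
        super.burn(_amount); // inherited _burn() rejects amount > balance
    }

    function mint(address _to, uint256 _amount) external onlyOwner returns (bool) {
        if (_amount == 0) revert MustBeMoreThanZero();
        _mint(_to, _amount); // inherited _mint() rejects address(0)
        return true;
    }
}

contract TrimmedStableCoinTest is Test {
    TrimmedStableCoin internal token;

    function setUp() public {
        token = new TrimmedStableCoin(); // this test contract becomes the owner
    }

    function test_MintToZeroAddressStillReverts() public {
        vm.expectRevert(); // revert now comes from the base ERC20, not a custom error
        token.mint(address(0), 1 ether);
    }

    function test_BurnAboveBalanceStillReverts() public {
        token.mint(address(this), 1 ether);
        vm.expectRevert();
        token.burn(1 ether + 1);
        assertEq(token.balanceOf(address(this)), 1 ether); // balance untouched
    }
}
```

Once the checks are removed, callers or tests that match on the DecentralizedStableCoin__NotZeroAddress or DecentralizedStableCoin__BurnAmountExceedsBalance selectors will see the base contract's revert data instead.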
