DittoETH

Ditto
DeFiFoundryOracle
55,000 USDC
View results
Submission Details
Severity: high
Invalid

Unauthorized Access to Mint and Burn Functions in case diamond = Address(0)

Summary

The smart contract has a critical security flaw regarding the diamond address. If not addressed, this flaw leads to unauthorized access to important functions.

Vulnerability Details

In the contract, there's a variable called diamond that's supposed to restrict access to essential functions: "mint" and "burnFrom." However, the contract doesn't check during setup if the diamond address is valid.

Impact

If an attacker sets diamond to zero:

Anyone can create new tokens (mint) or destroy existing ones (burnFrom).
This could lead to unauthorized changes to the contract, financial losses, and chaos.

Tools Used

Manually

Recommendations

{
require(diamondAddr != address(0), "Diamond address cannot be the zero address");
diamond = diamondAddr;
}

Updates

Lead Judging Commences

0xnevi Lead Judge
over 1 year ago
0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.