Submission Details
Severity: high
Valid

`L1Token` contract deployment from `TokenFactory` locks tokens forever

Summary

L1Token contract deployment from TokenFactory locks tokens forever

Vulnerability Details

TokenFactory::deployToken deploys L1Token contracts, but the L1Token constructor mints the entire initial supply to msg.sender, which in this case is the TokenFactory contract itself. After deployment there is no way to transfer these tokens out or to mint new ones: TokenFactory, the holder, exposes no function for either, and it is not an upgradeable contract, so the whole token supply is locked forever.
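The following Foundry test is an added reproduction, not code from the Boss Bridge repository. It assumes a project with forge-std and OpenZeppelin installed, and uses a constructed MinimalFactory that stands in for TokenFactory, keeping only the behaviour the finding relies on: it deploys the token with `new`, so it becomes msg.sender for the mint, and exposes no way to move tokens. The second test shows the receiver-argument shape from the Recommendations section.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";

// Vulnerable shape: the whole supply goes to msg.sender, i.e. the deploying contract.
contract L1Token is ERC20 {
    uint256 private constant INITIAL_SUPPLY = 1_000_000;
    constructor() ERC20("BossBridgeToken", "BBT") {
        _mint(msg.sender, INITIAL_SUPPLY * 10 ** decimals());
    }
}

// Recommended shape: the deployer names who receives the initial supply.
contract L1TokenFixed is ERC20 {
    uint256 private constant INITIAL_SUPPLY = 1_000_000;
    constructor(address receiver) ERC20("BossBridgeToken", "BBT") {
        require(receiver != address(0), "zero receiver");
        _mint(receiver, INITIAL_SUPPLY * 10 ** decimals());
    }
}

// Constructed stand-in for TokenFactory (hypothetical, not the project's contract):
// it deploys tokens and has no transfer/approve path, so its balance can never move.
contract MinimalFactory {
    function deployLocked() external returns (L1Token) { return new L1Token(); }
    function deployFixed(address receiver) external returns (L1TokenFixed) {
        return new L1TokenFixed(receiver);
    }
}

contract LockedSupplyTest is Test {
    MinimalFactory factory = new MinimalFactory();
    address owner = makeAddr("owner");

    function test_supplyLockedInFactory() public {
        L1Token token = factory.deployLocked();
        // Every token is held by the factory, and nothing in the factory can move it.
        assertEq(token.balanceOf(address(factory)), token.totalSupply());
        assertEq(token.balanceOf(owner), 0);
    }

    function test_fixedTokenMintsToReceiver() public {
        L1TokenFixed token = factory.deployFixed(owner);
        assertEq(token.balanceOf(owner), token.totalSupply());
        assertEq(token.balanceOf(address(factory)), 0);
    }
}
```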

Impact

High. Any token deployed through this factory is unusable: its full supply sits in TokenFactory and no transfers can ever be made.

Tools Used

  • Manual Review

Recommendations

Consider passing a receiver address for the initial minted tokens, different from the msg.sender:

contract L1Token is ERC20 {
uint256 private constant INITIAL_SUPPLY = 1_000_000;
- constructor() ERC20("BossBridgeToken", "BBT") {
+ constructor(address receiver) ERC20("BossBridgeToken", "BBT") {
- _mint(msg.sender, INITIAL_SUPPLY * 10 ** decimals());
+ _mint(receiver, INITIAL_SUPPLY * 10 ** decimals());
}
}
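Review bot: the constructor change alone does not fix deployments made through TokenFactory::deployToken; the creation bytecode handed to the factory must now carry the ABI-encoded `receiver` argument, otherwise deployment reverts. Nothing in the shown `+ constructor(address receiver)` stops a caller from passing the factory's own address, which reproduces the original lock, so consider having deployToken pass the factory owner explicitly rather than a caller-supplied value. OpenZeppelin's `_mint` already reverts on `address(0)`, so a zero check in the constructor is optional but makes the intent clear.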
Updates

Lead Judging Commences

0xnevi Lead Judge
almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

deployToken(): deployment of tokens via TokenFactory will cause tokens to be locked
