Summary

The TokenFactory contract allows the owner to deploy new ERC20 contracts and track their addresses using a symbol-to-address mapping. However, it lacks a check to prevent the deployment of multiple ERC20 contracts with the same symbol. This could lead to confusion and potential issues when multiple contracts with identical symbols are deployed.

Vulnerability Details

The vulnerability lies in the absence of a check within the deployToken function to prevent the deployment of ERC20 contracts with duplicate symbols. This allows the owner to deploy multiple ERC20 contracts with the same symbol, potentially causing ambiguity and unintended consequences when interacting with these contracts.

Impact

This vulnerability can lead to confusion and operational difficulties. Deploying multiple contracts with the same symbol could result in challenges distinguishing between them, leading to potential errors in transactions, transfers, or other interactions involving these tokens.

Tools Used

Manual inspection

Recommendations

Symbol Uniqueness Check: Implement a check within the deployToken function to ensure that an ERC20 contract with a symbol that already exists cannot be redeployed.

Error Handling and Messaging: Include appropriate error handling or messaging in the contract to inform users or the owner when attempting to deploy a contract with an existing symbol.