Submission Details
Severity: high
Invalid

Fixed Initial Supply Vulnerability, potentially affecting token functionality and intended use cases

Summary

The requirement allows for different tokens with varying initial supplies, but the fixed initial supply vulnerability in L1Token.sol deploys tokens with a constant INITIAL_SUPPLY of 1,000,000, regardless of the values specified for a new token. The fixed initial supply vulnerability may lead to discrepancies between the specified initial supply in the contract bytecode and the actual minted supply, potentially affecting token functionality and intended use cases.

Vulnerability Details

The fixed initial supply vulnerability results in token contracts being deployed with a constant INITIAL_SUPPLY, potentially deviating from the specified initial supply in the contract bytecode.

Impact

The impact of the fixed initial supply vulnerability includes discrepancies between specified and actual token supplies, potentially affecting asset tokenization, governance, and other use cases requiring precise supply control.

Tools Used

  • Foundry and manual review

Recommendations

Add dynamic configuration for INITIAL_SUPPLY

// SPDX-License-Identifier: MIT
pragma solidity 0.8.20;

import { ERC20 } from "@openzeppelin/contracts/token/ERC20/ERC20.sol";

contract L1Token is ERC20 {
    // Initial supply in whole tokens, as passed to the constructor.
    uint256 private _initialSupply;

    constructor(string memory name, string memory symbol, uint256 initialSupply) ERC20(name, symbol) {
        require(initialSupply > 0, "Initial supply must be greater than 0");
        _initialSupply = initialSupply;
        // Scale whole tokens to base units and mint them to the deployer.
        _mint(msg.sender, initialSupply * 10 ** uint256(decimals()));
    }

    // Returns the unscaled initial supply given at deployment.
    function getInitialSupply() public view returns (uint256) {
        return _initialSupply;
    }
}

In this modified contract:

  • The INITIAL_SUPPLY constant is removed, and a private _initialSupply variable is introduced to store the initial supply.

  • The constructor now accepts parameters for the token name, symbol, and initial supply.

  • The require statement ensures that the initial supply is greater than 0.

  • The _initialSupply value is used to mint the initial tokens in the constructor.

  • A getInitialSupply function is included to retrieve the initial supply if needed.

  • This modification allows for dynamic supply configuration when deploying the L1Token contract, and the initial supply can be specified during contract deployment.
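
A Foundry test for the recommended contract, as an added example that is not part of the original submission or the audited project. It assumes the contract above is saved as src/L1Token.sol, that forge-std is installed, and that the token keeps OpenZeppelin's default of 18 decimals; the test names, deployer address, and token name and symbol are constructed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.20;

import { Test, stdError } from "forge-std/Test.sol";
// Assumed path: the recommended L1Token from this page saved as src/L1Token.sol.
import { L1Token } from "../src/L1Token.sol";

contract L1TokenSupplyTest is Test {
    // Constructed test account that acts as the deployer.
    address internal constant DEPLOYER = address(0xA11CE);
    // Assumption: OpenZeppelin's default ERC20 decimals (18) is not overridden.
    uint256 internal constant UNIT = 1e18;

    function _deploy(uint256 supply) internal returns (L1Token token) {
        vm.prank(DEPLOYER); // constructor sees DEPLOYER as msg.sender
        token = new L1Token("Constructed Token", "CTK", supply);
    }

    // Two deployments with different arguments must mint different supplies.
    function test_DifferentSuppliesAreMinted() public {
        L1Token a = _deploy(1_000_000);
        L1Token b = _deploy(21_000_000);
        assertEq(a.totalSupply(), 1_000_000 * UNIT);
        assertEq(b.totalSupply(), 21_000_000 * UNIT);
        assertEq(b.balanceOf(DEPLOYER), b.totalSupply());
        assertEq(b.getInitialSupply(), 21_000_000);
    }

    // The require in the constructor rejects a zero supply.
    function test_ZeroSupplyReverts() public {
        vm.expectRevert(bytes("Initial supply must be greater than 0"));
        new L1Token("Constructed Token", "CTK", 0);
    }

    // Any supply that fits after scaling is minted exactly.
    function testFuzz_SupplyScalesByDecimals(uint256 supply) public {
        supply = bound(supply, 1, type(uint256).max / UNIT);
        L1Token token = _deploy(supply);
        assertEq(token.totalSupply(), supply * UNIT);
    }

    // One whole token past the limit overflows the scaling and reverts
    // with an arithmetic panic instead of minting a wrapped amount.
    function test_OverflowingSupplyReverts() public {
        uint256 tooLarge = type(uint256).max / UNIT + 1;
        vm.expectRevert(stdError.arithmeticError);
        new L1Token("Constructed Token", "CTK", tooLarge);
    }
}
```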

Updates

Lead Judging Commences

0xnevi Lead Judge
almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Other
0xtheblackpanther Submitter
almost 2 years ago
0xnevi Lead Judge
almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Other
