Two erc20 can have same symbol
Summary
Two erc20 can have same symbol and name which will cause confusion
Vulnerability Details
In the deployToken function after we deploy a token its symbol and address is stored in a mapping called s_tokenToAddress In the mapping the token address is stored against its symbol so by giving a symbol we can drive its address but the issue here is that two or more ERC20 tokens can have same symbol.
Lets suppose there is a token solidity with the symbol as sol and there is another token named as solana with the symbol as sol now from both of them which first got stored in the mapping will be permanently lost and as long as there isn't any same symbol in the mapping we can access the first one but as soon as there are two same symbols in the mapping we cannot access the first one as using sol in the mapping will always return the address of second one so the address of first one is permanently lost.
Here you can see that indeed two tokens can have same symbol and even name
https://ethereum.stackexchange.com/questions/28904/is-it-possible-to-reissue-the-same-token-symbol-after-ico
Impact
Losing the address of a token can have alot of unintended consequences
Tools Used
Recommendations
I would recommend to reverse the storing structure in mapping and store in the base of address like this
Lead Judging Commences
deployToken: non-unique symbol for tokens
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.