Submission Details
Severity: high
Invalid

Unrestricted Token Minting via buyPresent Function

Vulnerability Details

The buyPresent function currently allows any user to mint tokens for themselves without any restrictions. This is due to the lack of access control and the direct call to _mintAndIncrement() within the function.

function buyPresent(address presentReceiver) external { //@audit no access control
    i_santaToken.burn(presentReceiver);
    _mintAndIncrement();
}

function _mintAndIncrement() private {
    _safeMint(msg.sender, s_tokenCounter++);
}

Impact

This flaw could lead to significant issues in the token economy, such as token inflation or devaluation, as it permits unrestricted minting of new tokens by any user.

Recommendations

Restrict Access for Minting: Implement stringent access controls to prevent unauthorized token minting.
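
One way to restrict minting, as an added sketch that is not part of the submission or the audited contract: the quoted snippet burns from presentReceiver and mints to msg.sender, and the sketch keeps that shape beside a variant where the caller's own balance is burned. MockSantaToken, PRESENT_COST, fund, PresentsSketch and buyPresentAsPosted are hypothetical names, and the burn semantics (a fixed amount, callable only by the presents contract) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Stand-in for the page's i_santaToken; the fixed cost and burn semantics are assumptions.
contract MockSantaToken {
    uint256 public constant PRESENT_COST = 1e18;
    address public immutable i_presents;
    mapping(address => uint256) public balanceOf;

    error NotPresentsContract();

    constructor() {
        i_presents = msg.sender;
    }

    // Constructed funding helper so the sketch can be exercised in a test.
    function fund(address to) external {
        balanceOf[to] += PRESENT_COST;
    }

    // Only the presents contract may burn; underflow reverts under 0.8 checked math.
    function burn(address from) external {
        if (msg.sender != i_presents) revert NotPresentsContract();
        balanceOf[from] -= PRESENT_COST;
    }
}

contract PresentsSketch {
    MockSantaToken public immutable i_santaToken;
    uint256 public s_tokenCounter;
    mapping(uint256 => address) public ownerOf;

    constructor() {
        i_santaToken = new MockSantaToken();
    }

    // Shape shown on the page: presentReceiver's balance is burned, msg.sender gets the token.
    function buyPresentAsPosted(address presentReceiver) external {
        i_santaToken.burn(presentReceiver);
        ownerOf[s_tokenCounter++] = msg.sender;
    }

    // Restricted variant: the caller pays from its own balance, the named receiver gets the token.
    function buyPresent(address presentReceiver) external {
        i_santaToken.burn(msg.sender);
        ownerOf[s_tokenCounter++] = presentReceiver;
    }
}
```

In a Foundry test, funding one address and calling each function from a second, unfunded address shows the difference: buyPresentAsPosted succeeds against the funded address's balance, while buyPresent reverts because the caller has nothing to burn.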

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
