The SantaToken contract's use of an immutable address for i_santasList limits the flexibility and future adaptability of the contract in relation to its minting and burning functionalities.
The i_santasList address, once set during contract deployment, cannot be altered due to its immutable nature. This design choice restricts the contract's ability to adapt to future changes, such as transferring the minting and burning privileges to a new address in response to organizational changes, security incidents, or upgrades.
The inability to change the i_santasList address might lead to scenarios where the contract becomes less responsive to the evolving needs of its ecosystem. In a case where the initial i_santasList address becomes compromised or the overseeing entity changes, the contract would lack the necessary flexibility to respond effectively.
Manual
To address this vulnerability, the contract should include a mechanism for updating the i_santasList address. This can be achieved by introducing a function that allows a designated contract owner or a governance process to update the address. The implementation of such a function should include appropriate security checks to prevent unauthorized changes.
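One way to implement the recommended update mechanism, as an added sketch that is not the SantaToken source: only i_santasList comes from the finding, while the contract name, the owner role, the two-step propose/accept flow, the events and the stand-in mint are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the SantaToken source. Only i_santasList comes from
// the finding; every other name here is hypothetical.
contract MinterRoleSketch {
    error NotOwner();
    error NotMinter();
    error NotPendingMinter();
    error ZeroAddress();

    event MinterProposed(address indexed current, address indexed proposed);
    event MinterChanged(address indexed previous, address indexed current);

    address public immutable i_owner;   // assumed admin; could be a governance contract
    address public s_santasList;        // storage variable replaces immutable i_santasList
    address public s_pendingSantasList; // nominated successor, not yet active

    mapping(address => uint256) public balanceOf; // stand-in for the ERC20 ledger

    constructor(address santasList) {
        if (santasList == address(0)) revert ZeroAddress();
        i_owner = msg.sender;
        s_santasList = santasList;
    }

    // Step 1: only the owner may nominate a new minter/burner address.
    function proposeSantasList(address proposed) external {
        if (msg.sender != i_owner) revert NotOwner();
        if (proposed == address(0)) revert ZeroAddress();
        s_pendingSantasList = proposed;
        emit MinterProposed(s_santasList, proposed);
    }

    // Step 2: the nominee accepts, proving the address is live and controlled.
    function acceptSantasList() external {
        if (msg.sender != s_pendingSantasList) revert NotPendingMinter();
        emit MinterChanged(s_santasList, msg.sender);
        s_santasList = msg.sender;
        delete s_pendingSantasList;
    }

    // Privileged path reads the storage variable instead of the immutable.
    function mint(address to) external {
        if (msg.sender != s_santasList) revert NotMinter();
        balanceOf[to] += 1e18; // constructed amount for the sketch
    }
}
```

Making the address mutable moves trust to whoever holds the owner role, so that key (or governance process) needs at least the same protection as the minter it can replace.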