The WStETHMock contract, designed to act as a wrapper for stETH tokens, currently has an open mint function that allows any address to mint tokens without restriction. This design introduces risks related to supply control, security, and adherence to standards for wrapped tokens.
The existing mint function lacks proper restrictions, allowing any external address to mint tokens freely. This poses concerns regarding the controlled issuance of the wrapped tokens, potentially leading to an uncontrolled increase in supply and introducing security vulnerabilities associated with unrestricted minting.
The impact of an open mint function includes the risk of uncontrolled supply growth, security vulnerabilities, and potential non-compliance with industry standards for wrapped tokens. Malicious actors could exploit the function to manipulate the behavior of the wrapper, compromising the security and reliability of the stETH token wrapping mechanism.
Manual review
To address this vulnerability and preserve the contract's intended role as a wrapper for stETH tokens, the mint function should either be removed entirely or be placed behind access control restrictions.
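The access-control option from the recommendation, shown beside the unrestricted form, as an added example that is not the audited project's code. The contract names, the `mint(address,uint256)` signature, the token name and the single `minter` role are assumptions, since the WStETHMock source is not reproduced in this finding; `ERC20` is the OpenZeppelin base contract.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";

// Illustration only: names and signatures below are hypothetical,
// not taken from the audited WStETHMock contract.

// Before: mint is external with no caller check, so any address
// can increase totalSupply and credit itself arbitrary balances.
contract WStETHMockOpenMint is ERC20 {
    constructor() ERC20("Wrapped stETH (mock)", "wstETH") {}

    function mint(address to, uint256 amount) external {
        _mint(to, amount);
    }
}

// After: minting is limited to one address fixed at deployment.
contract WStETHMockRestrictedMint is ERC20 {
    error NotMinter(address caller);

    // Immutable so the privileged role cannot be reassigned later.
    address public immutable minter;

    constructor(address minter_) ERC20("Wrapped stETH (mock)", "wstETH") {
        require(minter_ != address(0), "minter is zero address");
        minter = minter_;
    }

    modifier onlyMinter() {
        if (msg.sender != minter) revert NotMinter(msg.sender);
        _;
    }

    // Same interface as before, but calls from any other address revert.
    function mint(address to, uint256 amount) external onlyMinter {
        _mint(to, amount);
    }
}
```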