Lack of Total Supply Check in `_canDistribute` Function of `TempleGold` Contract
Summary
The _canDistribute function in the TempleGold contract lacks a check for the total supply limit, potentially allowing the minting of tokens beyond the maximum supply (MAX_SUPPLY).
Vulnerability Details
The _canDistribute function determines whether a specified amount of tokens (mintAmount) can be distributed based on the current conditions. However, it fails to include a validation step to ensure that minting additional tokens does not exceed the maximum supply (MAX_SUPPLY).
The function checks if
mintAmountmeets a minimum mint requirement (MINIMUM_MINT) but does not verify if_totalDistributed + mintAmountexceedsMAX_SUPPLY.Without this check, there is a risk of minting tokens beyond the maximum limit, leading to potential overflow issues or invalid states in the contract.
See the following code:
Impact
Minting tokens beyond MAX_SUPPLY can lead to arithmetic overflow issues, disrupting contract operations and affecting token balances. Exceeding the maximum supply can compromise the integrity of the TempleGold contract, potentially requiring manual intervention to correct. Violating maximum supply constraints may lead to non-compliance with regulatory standards or audit requirements.
Tools Used
Manual Review
Recommendations
Modify _canDistribute to include a check ensuring that _totalDistributed + mintAmount does not exceed MAX_SUPPLY.
Lead Judging Commences
`_canDistribute` could return a result breaking the MAX TOTAL SUPPLY of TGLD
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.