TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: low
Invalid

`_canDistribute` can return true even when total amount exceeds `MAX_SUPPLY`

Summary

The `_canDistribute` function determines whether the given amount is mintable and distributable. The logic for handling total supply is incorrect and can return an incorrect result even when the total amount exceeds `MAX_SUPPLY`.

Vulnerability Details

In the function, we can see:

```solidity
function _canDistribute(uint256 mintAmount) private view returns (bool) {
    return mintAmount != 0 && _totalDistributed + mintAmount == MAX_SUPPLY ? true : mintAmount >= MINIMUM_MINT;
}
```

This returns true in the following situations: when the amount is not zero and the total amount equals `MAX_SUPPLY`, or when the minted amount is greater than the minimum mint amount. However, when `_totalDistributed + mintAmount` is greater than `MAX_SUPPLY`, this can also return true if `mintAmount > MINIMUM_MINT`. This should return false, because it will exceed the max supply amount, which is the hard limit of total supply.

Impact

The caller of this function passes the checked value to it, so no core functions will be broken, but the logic is still incorrect, hence low severity.

Tools Used

Manual review

Recommendations

Revert when total amount exceeds MAX_SUPPLY.
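
The predicate discussed above, modelled in isolation as an added example (not TempleGold source and not part of the original submission). `MAX_SUPPLY` and `MINIMUM_MINT` use constructed values, `_totalDistributed` is passed in as a parameter, and `withCapCheck` is a hypothetical variant that returns false for over-cap amounts; the caller-side check mentioned under Impact is not modelled.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only. Constant values are constructed placeholders.
contract CanDistributeModel {
    uint256 public constant MAX_SUPPLY = 1_000 ether;  // constructed value
    uint256 public constant MINIMUM_MINT = 10 ether;   // constructed value

    /// Same expression as quoted in the submission. `&&` binds tighter than `?:`, so it reads
    /// (mintAmount != 0 && total + mintAmount == MAX_SUPPLY) ? true : mintAmount >= MINIMUM_MINT
    function asQuoted(uint256 totalDistributed, uint256 mintAmount) public pure returns (bool) {
        return mintAmount != 0 && totalDistributed + mintAmount == MAX_SUPPLY ? true : mintAmount >= MINIMUM_MINT;
    }

    /// Hypothetical variant: any amount that would pass the cap is rejected first.
    function withCapCheck(uint256 totalDistributed, uint256 mintAmount) public pure returns (bool) {
        if (mintAmount == 0) return false;
        uint256 newTotal = totalDistributed + mintAmount;
        if (newTotal > MAX_SUPPLY) return false;
        // An exact top-up to the cap is allowed even below MINIMUM_MINT.
        return newTotal == MAX_SUPPLY || mintAmount >= MINIMUM_MINT;
    }

    /// Walks the cases from the submission; an unmet expectation reverts with Panic(0x01).
    function checkCases() external pure {
        uint256 total = MAX_SUPPLY - 5 ether;

        // Exact top-up below MINIMUM_MINT: accepted by both.
        assert(asQuoted(total, 5 ether));
        assert(withCapCheck(total, 5 ether));

        // Over the cap with mintAmount >= MINIMUM_MINT: the case the submission describes.
        assert(asQuoted(total, 10 ether));
        assert(!withCapCheck(total, 10 ether));

        // Below MINIMUM_MINT and not reaching the cap: rejected by both.
        assert(!asQuoted(total, 1 ether));
        assert(!withCapCheck(total, 1 ether));

        // Zero amount: rejected by both.
        assert(!asQuoted(total, 0));
        assert(!withCapCheck(total, 0));
    }
}
```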

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

`_canDistribute` could return a result breaking the MAX TOTAL SUPPLY of TGLD
