The `distributeGold` function calls the `mint` function from the `TempleGold` contract without proper access control checks. This allows any contract or external account to call `distributeGold`, leading to unrestricted minting of tokens.
Inflation: Unlimited tokens can be minted, leading to devaluation.
Loss of Trust: Token holders may lose trust in the project.
Economic Exploitation: The attacker could flood the market with newly minted tokens, causing a price crash.
## Proof of Concept:
Deploy the Attacker contract, passing the address of ContractA, and call the attack function. This will mint new tokens without any restriction.
Anyone can call the `distributeGold` function, which can mint tokens.
Manual, Foundry
Implement access control using the onlyOwner modifier or similar to restrict access to the distributeGold function.
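
A minimal sketch of the recommended restriction, added here as an illustration and not taken from the TempleGold code base. `IMintable`, `GuardedDistributor`, the `distributeGold(address,uint256)` signature, the errors and the events are assumptions, since the page does not show the real contract.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified stand-in for the token's mint interface (assumption: the real
// TempleGold mint signature is not shown on this page).
interface IMintable {
    function mint(address to, uint256 amount) external;
}

// Hypothetical distributor showing the recommended fix: only the owner
// may trigger a distribution that mints tokens.
contract GuardedDistributor {
    error NotOwner(address caller);
    error ZeroAddress();

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
    event GoldDistributed(address indexed to, uint256 amount);

    IMintable public immutable token;
    address public owner;

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner(msg.sender);
        _;
    }

    constructor(IMintable token_) {
        if (address(token_) == address(0)) revert ZeroAddress();
        token = token_;
        owner = msg.sender;
        emit OwnershipTransferred(address(0), msg.sender);
    }

    // Without onlyOwner, any account or contract could reach token.mint().
    function distributeGold(address to, uint256 amount) external onlyOwner {
        if (to == address(0)) revert ZeroAddress();
        token.mint(to, amount);
        emit GoldDistributed(to, amount);
    }

    // Ownership changes are themselves owner-gated and logged for monitoring.
    function transferOwnership(address newOwner) external onlyOwner {
        if (newOwner == address(0)) revert ZeroAddress();
        emit OwnershipTransferred(owner, newOwner);
        owner = newOwner;
    }
}
```

The token's own `mint` must also reject callers other than the distributor; otherwise the owner check here can be bypassed by calling the token directly.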