Submission Details
Severity:
The Mint function has no minimum amount of token that can be minted [as against the intent of the DAO]
Summary
The qualified users should have a minimum amount of tokens they can mint per time.
Vulnerability Details
This issue is in the mint function:
* @notice Mint new tokens to be distributed. Open to call from any address
* Enforces minimum mint amount and uses vesting factor to calculate mint token amount.
* Minting is only possible on source chain Arbitrum
*/
function mint() external override onlyArbitrum {
VestingFactor memory vestingFactorCache = vestingFactor;
DistributionParams storage distributionParamsCache = distributionParams;
if (vestingFactorCache.numerator == 0) { revert ITempleGold.MissingParameter(); }
uint256 mintAmount = _getMintAmount(vestingFactorCache);
/// @dev no op silently
if (!_canDistribute(mintAmount)) { return; }
lastMintTimestamp = uint32(block.timestamp);
_distribute(distributionParamsCache, mintAmount);
}
Checking the comment attached to the codebase, there was an intention to implement minimum mint amount. However, it was not implemented above.
Impact
Users can mint even insignificant amount of TGLD tokens.
Although this causes no economic vulnerability for the protocol, it is better minimum mintable amount is implemented to enhance performance.
Tools Used
Manual review.
Recommendations
Implement minimum mintable amount check to the function.
Prize pool breakdown
Total prize
25,000 USDC
nSLOC
99825 USDC / LOC
20,000 USDC
2,500 USDC
2,500 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.