[Tokenomics problem] No provision for token burning
Summary
The DAO cannot curtail circulating token surplus since they cannot burn tokens.
Vulnerability Details
Usually, tokens to be burnt should be sent to address(0)where it can neither be accessed nor spent.
In the instant case, there is a check against specifying an address(0)as the burning address.
See the function below:
Now, another argument is that "well, tokens to be burnt can be sent to another address other than a zero address."
Note that this leads to further risks, possibly one of centralization.
Impact
Once there is no way to burn tokens, the economy of the token will fall flat because supply can be more than demand.
Economically, this will affect the price of the tokens and make it drop drastically -- even to 0!
Here is an economy PoC
2000 tokens are minted in total and they all are in circulation at $1 each
holders want to sell and offers lower price such as $0.7 for quicker purchase
other holders compromise selling price to stay liquid
Now, coming to the DAO:
the DAO has 700 of the tokens
the DAO cannot burn 700 tokens in circulation to create scarcity
so the price keeps dropping
Tools Used
Manual review.
Recommendations
Make it possible to transfer to a zero address. While users will not need this, the DAO will need it to create market equilibrium!
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.