First Flight #21: KittyFi

Tags: Beginner Friendly, DeFi, Foundry
100 EXP
Submission Details
Severity: medium
Status: Invalid

Inadequate Authorization Checking for pool Address in KittyCoin.sol

Summary

The contract relies entirely on the onlyKittyPool modifier to ensure that only the designated pool address can call the sensitive mint and burn functions. This single point of authorization presents significant risk if the pool address is compromised, since no second control stands between that address and the token supply.

Vulnerability Details

  • Location: onlyKittyPool modifier and its application in mint and burn functions.

  • Description: The contract depends on the integrity of the pool address for authorization. If this address is compromised, unauthorized minting or burning of tokens can occur, leading to adverse effects.

Impact

  • Severity: Medium

  • Effect: Unauthorized actions can result in financial losses, inflation, or deflation of the token supply, severely impacting protocol function and user trust.

Tools Used

Manual code review

Recommendations

Employ additional security measures, such as placing the pool address under a multi-signature wallet or governance controls. This helps ensure the privileged address remains under controlled custody and mitigates the risk of unauthorized changes or actions.
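One way to realize the recommendation above in Solidity, as an added example that is not KittyFi's code: the pool keeps sole mint/burn rights, but the pool address can only be rotated by a governance account (intended to be a multisig) through a two-step, delayed change, so the privileged address cannot be swapped silently. Contract layout, storage names and the 2-day delay are assumptions, not the project's.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not KittyFi's code; governance/timelock names are assumed.
contract KittyCoinHardened {
    address public governance;    // expected to be a multisig or governance contract
    address public kittyPool;     // the only caller allowed to mint or burn
    address public pendingPool;   // proposed replacement pool, if any
    uint256 public poolChangeEta; // earliest time the replacement may take effect
    uint256 public constant POOL_CHANGE_DELAY = 2 days;
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;
    event PoolChangeQueued(address indexed newPool, uint256 eta);
    event PoolChanged(address indexed oldPool, address indexed newPool);
    error NotKittyPool();
    error NotGovernance();
    error ChangeNotReady();

    modifier onlyKittyPool() { if (msg.sender != kittyPool) revert NotKittyPool(); _; }
    modifier onlyGovernance() { if (msg.sender != governance) revert NotGovernance(); _; }
    constructor(address _governance, address _pool) { governance = _governance; kittyPool = _pool; }

    // Step 1: governance proposes a new pool. Nothing changes yet; the event gives
    // monitoring and users time to react before the new address gains mint/burn rights.
    function queuePoolChange(address newPool) external onlyGovernance {
        pendingPool = newPool;
        poolChangeEta = block.timestamp + POOL_CHANGE_DELAY;
        emit PoolChangeQueued(newPool, poolChangeEta);
    }

    // Step 2: only after the delay can governance make the new pool live.
    function executePoolChange() external onlyGovernance {
        if (pendingPool == address(0) || block.timestamp < poolChangeEta) revert ChangeNotReady();
        emit PoolChanged(kittyPool, pendingPool);
        kittyPool = pendingPool;
        pendingPool = address(0);
    }

    function mint(address to, uint256 amount) external onlyKittyPool {
        totalSupply += amount;
        balanceOf[to] += amount;
    }

    function burn(address from, uint256 amount) external onlyKittyPool {
        balanceOf[from] -= amount; // reverts on underflow in 0.8.x
        totalSupply -= amount;
    }
}
```

The delay cuts both ways: it gives users and monitoring notice of a pending change, but it also means a pool that turns out to be compromised cannot be swapped out before the delay elapses, so the delay length is a deliberate trade-off.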

Updates

Lead Judging Commences

shikhar229169 (Lead Judge), 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
