First Flight #21: KittyFi

Submission Details
Severity: medium
Invalid

Missing Address Verification on Minting in KittyCoin.sol

Summary

The mint function in the KittyCoin contract does not verify that the recipient address _to is a valid address able to receive and handle ERC20 tokens before minting. This is not necessarily a high-risk issue, but adding such a check improves the contract's robustness.

Vulnerability Details

  • Location: mint function

  • Description: The mint function passes _to straight to _mint without validating it. In some edge cases the recipient should be checked: it should not be the zero address, and it may be an unintended contract that cannot handle ERC20 tokens. ERC20 has no _safeMint equivalent to ERC721's, so ensuring a valid recipient is the caller's responsibility and is good practice.

Impact

  • Severity: Medium

  • Effect: Minting directly to an invalid or unintended address can lead to permanently lost tokens or unwanted behavior. Validating the recipient makes the contract more robust.

Tools Used

  • Manual code review

Recommendations

  • Add a check to ensure the recipient address _to is not the zero address (and, where the protocol requires it, not an unintended contract address). This can be done as follows:

    function mint(address _to, uint256 _amount) external onlyKittyPool {
        // Reject the zero address before any balance is credited.
        require(_to != address(0), "ERC20: mint to the zero address");
        _mint(_to, _amount);
    }
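The following is an added Foundry example, not code from the KittyFi repository or from this submission. It stands up a minimal token with the recommended recipient check in front of _mint and tests both the revert on the zero address and the onlyKittyPool gating. The token's storage layout, the constructor argument, the NotKittyPool error and the test addresses are assumptions for illustration; the example assumes forge-std is available. One caveat worth noting when weighing this finding: if KittyCoin inherits OpenZeppelin's ERC20, its _mint already reverts on the zero address, so the added require only duplicates that guard.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

/// Minimal stand-in for KittyCoin (assumed layout, not the audited contract).
contract KittyCoinExample {
    string public constant name = "KittyCoin";
    string public constant symbol = "KC";
    uint8 public constant decimals = 18;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    /// Assumed: the only address allowed to mint, fixed at deployment.
    address public immutable kittyPool;

    event Transfer(address indexed from, address indexed to, uint256 value);

    error NotKittyPool(address caller);

    constructor(address _kittyPool) {
        require(_kittyPool != address(0), "KittyCoin: pool is the zero address");
        kittyPool = _kittyPool;
    }

    modifier onlyKittyPool() {
        if (msg.sender != kittyPool) revert NotKittyPool(msg.sender);
        _;
    }

    /// Hardened mint: the recipient check from the report runs before _mint.
    function mint(address _to, uint256 _amount) external onlyKittyPool {
        require(_to != address(0), "ERC20: mint to the zero address");
        _mint(_to, _amount);
    }

    /// Bare-bones _mint with no recipient validation of its own, so the
    /// guard in mint() is the only thing stopping a zero-address mint.
    function _mint(address account, uint256 amount) internal {
        totalSupply += amount;
        balanceOf[account] += amount;
        emit Transfer(address(0), account, amount);
    }
}

contract KittyCoinMintTest is Test {
    KittyCoinExample coin;
    address pool = makeAddr("kittyPool"); // constructed test address
    address alice = makeAddr("alice");    // constructed test address

    function setUp() public {
        coin = new KittyCoinExample(pool);
    }

    function test_PoolCanMintToValidAddress() public {
        vm.prank(pool);
        coin.mint(alice, 1e18);
        assertEq(coin.balanceOf(alice), 1e18);
        assertEq(coin.totalSupply(), 1e18);
    }

    function test_MintToZeroAddressReverts() public {
        vm.prank(pool);
        vm.expectRevert(bytes("ERC20: mint to the zero address"));
        coin.mint(address(0), 1e18);
    }

    function test_NonPoolCannotMint() public {
        vm.prank(alice);
        vm.expectRevert(abi.encodeWithSelector(KittyCoinExample.NotKittyPool.selector, alice));
        coin.mint(alice, 1e18);
    }
}
```

Run with `forge test --match-contract KittyCoinMintTest`. The zero-address check is cheap and deterministic; the "contract that can't handle ERC20 tokens" case from the description has no reliable on-chain test, since a code-size check cannot tell a token-aware contract from one that is not and reports zero during construction, so that part of the recommendation is better enforced in the pool's calling logic than inside mint.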
Updates

Lead Judging Commences

shikhar229169 Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
