Summary

The contract currently does not impose any limit on how many NFTs can be minted. This creates a risk where an infinite number of NFTs could be minted, leading to devaluation and loss of trust in the project. A cap or limit on the total number of NFTs should be introduced to prevent potential abuse or oversupply.

Vulnerability Details

The mintTreat function allows minting NFTs without any constraints on the total number of tokens that can be created. Without a hard cap or mechanism to control the total supply, the contract can be exploited to mint an infinite number of NFTs. This could be particularly problematic in cases where NFT rarity and scarcity are core to the value proposition of the project.

Impact

Infinite NFT Minting: Without a cap, an infinite number of NFTs can be minted, which can lead to:

• Devaluation of NFTs: The scarcity of NFTs is typically a core factor in their value. If NFTs can be minted infinitely, their value will decrease drastically.

• Financial Loss: If the NFTs are tied to monetary value, an oversupply can lead to loss of confidence, reducing demand and causing financial loss to holders and the project owner.

• Reputation Damage: A project that mints too many NFTs, intentionally or unintentionally, can lose credibility, especially if the NFTs were expected to be scarce or limited.

Tools Used

Manual Review

Recommendations

Introduce a Minting Cap: Implement a maximum supply for NFTs to ensure scarcity and prevent oversupply. To track this, consider introducing a totalSupply variable. You can increment it totalSupply++ appropriately in the minting function, ensuring that minting cannot exceed the defined limit

Track and Restrict Minting: Ensure that every minting action checks whether the total supply has reached or exceeded the maximum allowed. If the limit is reached, minting should fail.