Project

One World

NFTDeFi

15,000 USDC

Submission Details

Severity: high

Invalid

Unauthorized Minting in `OWPERC20` Contract

Root Cause:

The mint function in the OWPERC20 contract is declared as external without any access control modifiers. This means any address can invoke this function to mint new tokens.

function mint(address account, uint256 amount) external {
_mint(account, amount);
}
Impact:
- Token Inflation: Malicious actors can mint an unlimited number of tokens, leading to hyperinflation.
- Economic Disruption: The value of the token can be severely devalued, undermining trust in the token's economic model.
- Loss of Funds: Token holders may experience significant losses as the token's purchasing power diminishes.
- Reputation Damage: Such vulnerabilities can erode user trust and damage the project's reputation.
Recommendation:
- Implement Access Control: Restrict the mint function to only authorized roles (e.g., MINTER_ROLE).
  
  function mint(address account, uint256 amount) external onlyRole(MINTER_ROLE) {
  _mint(account, amount);
  }
- Use Role-Based Access Control (RBAC): Utilize OpenZeppelin’s AccessControl to manage roles securely.

Updates

0xbrivan2 Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Out of scope

0xbrivan2 Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Out of scope

Total prize

15,000 USDC

nSLOC

541

28 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

The contest is live. Earn rewards by submitting a finding.

Submissions are being carefully reviewed by our judges.

This is your time to appeal against judgements on your submissions.

Appeals are being carefully reviewed by our judges.

The contest is complete and the rewards are being distributed.

Support

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.