Submission Details
Severity:
Lack of Validation for amount Parameter in Mint Function
Summary
The mint function lacks a validation check to ensure that the amount parameter is greater than zero. This oversight allows for the potential minting of zero tokens
function test_mint() public {
console2.log("Total Supply Before: ", mERC1155.totalSupply());
mERC1155.mint(msg.sender, 0, 0);
console2.log("Total Supply after: ", mERC1155.totalSupply());
}
Ran 1 test for test/Foundry/TestMembershipERC1155.t.sol:TestMembershipERC1155
[PASS] test_mint() (gas: 42857)
Logs:
Total Supply Before: 0
Total Supply after: 0
Impact
Even its not affect the total supply still, the function will execute operations and emit events unnecessarily, leading to:
Wasted gas on zero-value mint operations, impacting efficiency.
Minor vulnerabilities in the integrity of event logs due to redundant entries.
Tools Used
Manual review
Recommendations
Add amount Validation: Include a require statement at the beginning of the function to ensure that amount is greater than zero:
solidity
require(amount > 0, "Amount must be greater than zero");
Prize pool breakdown
Total prize
15,000 USDC
nSLOC
54128 USDC / LOC
14,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.