In the `mint` function, the `to` parameter specifies the address to which the token will be minted. However, there is no validation to ensure that the `to` address is valid (i.e., not the 0x0 address). If `to` is 0x0, tokens will be minted to a non-existent address, resulting in irrecoverable token loss. This directly affects users and the total token supply, creating a security risk within the contract's asset management system.
In the `mint` function, the `to` address is the recipient of the newly minted tokens. However, if `to` is 0x0, the function still proceeds with the minting action without any warning, causing tokens to be sent to an invalid address. When tokens are minted to 0x0, they are lost and irretrievable, resulting in a loss for the user and affecting the accuracy of the total token supply.
Tokens minted to the 0x0 address are permanently lost, causing potential losses for users or the system.
Manual
You can add a `require` condition in the `mint` function to ensure that the `to` address is not 0x0.