The mint function in src/token/ERC20ToGenerateNftFraccion.sol is public, giving anyone the ability to mint unlimited tokens to any address. This lack of access control is a vulnerability that undermines the system's integrity.
The mint function allows any caller to mint any token amount to any address without restriction. This exposes the contract to abuse from malicious users who could flood the system, rendering the token worthless.
There is no restriction on who can call this function.
This vulnerability can result in token inflation, where an attacker mints unlimited tokens and devalues them. Trust will drop drastically if users realize that anyone can mint as many tokens as they wish.
I manually reviewed the code after cloning the GitHub repository on my computer and accessing it using VS Code.
Access control should be implemented to restrict who can mint the tokens. OpenZeppelin's Ownable or AccessControl contracts provide modifiers that can be used to achieve this.
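An added example, not the project's code: the unrestricted pattern the finding describes beside an owner-gated version, assuming OpenZeppelin Contracts v5 (where Ownable takes the initial owner as a constructor argument). The contract names, token name and symbol are hypothetical, and making the deploying protocol contract the owner is an assumption about the intended design.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

// Pattern described in the finding: mint has no access control.
// Hypothetical contract, not the project's source.
contract UnrestrictedFractionToken is ERC20 {
    constructor() ERC20("Fraction", "FRAC") {}

    // Any account can call this and inflate the supply.
    function mint(address to, uint256 amount) public {
        _mint(to, amount);
    }
}

// Hardened form: only the owner may mint.
// Assumption: initialOwner is the protocol contract that issues
// the fractions for an NFT, not an externally owned account.
contract RestrictedFractionToken is ERC20, Ownable {
    constructor(address initialOwner)
        ERC20("Fraction", "FRAC")
        Ownable(initialOwner)
    {}

    // onlyOwner reverts with OwnableUnauthorizedAccount(caller)
    // when msg.sender is not the current owner.
    function mint(address to, uint256 amount) external onlyOwner {
        _mint(to, amount);
    }
}
```

If more than one contract must be able to mint, AccessControl with a dedicated minter role and the onlyRole modifier fits better than a single owner.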
Any person can mint the ERC20 token generated in representation of the NFT