Pieces Protocol

First Flight #32
Tags: Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: high
Valid

Unauthorized minting of ERC20 token in the ERC20ToGenerateNftFraccion contract

Summary

The mint function of the ERC20ToGenerateNftFraccion contract has no access control, so anyone can mint the ERC20 tokens that represent fractions of an NFT.

Vulnerability Details

The mint function in the ERC20ToGenerateNftFraccion contract is public and lacks access control, allowing any address to mint new tokens. This can lead to unauthorized token creation, claiming of the underlying NFT, inflation, and manipulation of the token supply.

Impact

An attacker can mint enough fraction tokens to claim the underlying ERC721 token, inflate the supply, and manipulate the token supply at will.

Tools Used

Foundry test (proof of concept). The final assertion fails against the current contract because the user's mint succeeds and total supply becomes 150 instead of 100, which demonstrates the missing access control.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
// Import path is a placeholder; point it at the contract's location in the repository.
import {ERC20ToGenerateNftFraccion} from "<path-to>/ERC20ToGenerateNftFraccion.sol";

contract ERC20ToGenerateNftFraccionTests is Test {
    ERC20ToGenerateNftFraccion erc20;
    address owner;
    address user;

    function setUp() public {
        owner = address(this);           // the test contract deploys the token
        user = address(0x123);           // an unrelated, unprivileged address
        erc20 = new ERC20ToGenerateNftFraccion("TestToken", "TTK");
    }

    function testOnlyOwnerCanMint() public {
        uint256 amountOwnerMinted = 100;
        erc20.mint(owner, amountOwnerMinted);

        // An unprivileged user mints as well; with proper access control this call would revert.
        vm.startPrank(user);
        erc20.mint(user, 50);
        vm.stopPrank();

        // Expected only the owner's 100 tokens; the vulnerable contract yields 150.
        uint256 totalSupply = erc20.totalSupply();
        assertEq(totalSupply, amountOwnerMinted);
    }
}

Recommendations

Restrict Minting: Use the Ownable contract to restrict the mint function to only the owner of the contract. This prevents unauthorized users from minting new tokens.
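To make the vulnerability and the recommended fix concrete, the following example (added here; not code from the Pieces Protocol repository) places a minimal unrestricted fraction token beside an Ownable-restricted one, with a Foundry test that checks the restricted version rejects a non-owner. Contract names, the OpenZeppelin v5 import paths and the OwnableUnauthorizedAccount error are assumptions; the real ERC20ToGenerateNftFraccion contract may differ in constructor shape.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

// Vulnerable shape (illustrative, not the audited contract): mint is callable by anyone.
contract FractionTokenUnrestricted is ERC20 {
    constructor(string memory name_, string memory symbol_) ERC20(name_, symbol_) {}

    function mint(address to, uint256 amount) public {
        _mint(to, amount);
    }
}

// Hardened shape: only the deployer, i.e. the fractionalizing contract that creates
// the token, may mint. Ownable(msg.sender) is the OpenZeppelin v5 constructor form.
contract FractionTokenRestricted is ERC20, Ownable {
    constructor(string memory name_, string memory symbol_)
        ERC20(name_, symbol_)
        Ownable(msg.sender)
    {}

    function mint(address to, uint256 amount) external onlyOwner {
        _mint(to, amount);
    }
}

contract FractionTokenAccessControlTest is Test {
    FractionTokenUnrestricted open;
    FractionTokenRestricted restricted;
    address user = address(0x123); // constructed unprivileged address

    function setUp() public {
        open = new FractionTokenUnrestricted("TestToken", "TTK");
        restricted = new FractionTokenRestricted("TestToken", "TTK");
    }

    // Documents the flaw: a stranger inflates supply of the unrestricted token.
    function testUnrestrictedLetsAnyoneMint() public {
        vm.prank(user);
        open.mint(user, 50);
        assertEq(open.totalSupply(), 50);
        assertEq(open.balanceOf(user), 50);
    }

    // Verifies the fix: the same call reverts with Ownable's custom error.
    function testRestrictedRejectsNonOwner() public {
        vm.expectRevert(
            abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, user)
        );
        vm.prank(user);
        restricted.mint(user, 50);

        // The deployer (this test contract) can still mint.
        restricted.mint(address(this), 100);
        assertEq(restricted.totalSupply(), 100);
    }
}
```

Run with `forge test --match-contract FractionTokenAccessControlTest`. In the protocol, the owner should be the contract that fractionalizes the NFT, so that token supply is created only when an ERC721 is actually deposited; if the token is deployed by an EOA instead, transfer ownership to the fractionalizing contract before any minting is possible.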

Updates

Lead Judging Commences

fishy (Lead Judge), 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Lack of token access control checks

Any person can mint the ERC20 token generated in representation of the NFT
