The ERC20ToGenerateNftFraccion contract exposes a mint(address _to, uint256 _amount) function that is declared as public without any onlyOwner or other access-control modifier. Consequently, any external party can call mint() at will, creating an unlimited supply of ERC20 tokens pegged to an NFT fraction.
Inflation of Fractional Supply: An attacker can mint themselves an arbitrary number of fractional tokens without owning the corresponding NFT.
Loss of Peg: Because anyone can inflate the supply, the token no longer accurately represents fractions of an NFT.
Market Manipulation: Attackers could “dump” large amounts of minted fractions into the marketplace, confusing buyers and devaluing legitimate tokens.
Malicious user calls ERC20ToGenerateNftFraccion.mint(MY_ADDRESS, 1_000_000e18).
The contract mints the tokens to the attacker’s address, allowing them to circumvent the entire fractioning logic in TokenDivider.
Restrict access to mint() with an onlyMinter modifier, where onlyMinter could be implemented using an Ownable pattern or by storing a trusted minter address (i.e., the main TokenDivider contract) and reverting when msg.sender differs from it.
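As an added illustration (not the project's own code): a minimal reconstruction of the unguarded mint() next to a hardened version that records the deploying TokenDivider as the only permitted minter. The constructor signature, the OpenZeppelin ERC20 import and the NotMinter error name are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/token/ERC20/ERC20.sol";

// Vulnerable shape, constructed to match the finding: mint() is public and
// has no access control, so any address can inflate the fractional supply.
contract ERC20ToGenerateNftFraccionVulnerable is ERC20 {
    constructor(string memory name_, string memory symbol_) ERC20(name_, symbol_) {}

    function mint(address _to, uint256 _amount) public {
        _mint(_to, _amount);
    }
}

// Hardened shape: only the trusted minter may mint. Assumption: TokenDivider
// deploys this token, so msg.sender in the constructor is the trusted minter.
contract ERC20ToGenerateNftFraccionFixed is ERC20 {
    address public immutable minter;

    error NotMinter(address caller);

    modifier onlyMinter() {
        if (msg.sender != minter) revert NotMinter(msg.sender);
        _;
    }

    constructor(string memory name_, string memory symbol_) ERC20(name_, symbol_) {
        minter = msg.sender; // the deploying TokenDivider contract
    }

    // Same signature as before, but a direct call from any other address reverts,
    // so supply can only grow through TokenDivider's fractioning logic.
    function mint(address _to, uint256 _amount) external onlyMinter {
        _mint(_to, _amount);
    }
}
```

With the fixed contract, the call in the proof of concept (`mint(MY_ADDRESS, 1_000_000e18)` from a non-TokenDivider address) reverts with NotMinter instead of minting.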
Any person can mint the ERC20 token generated in representation of the NFT