Missing Maturity Check Allows Minting of ZENO Tokens Post-Maturity
Summary
The ZENO token contract's mint function lacks a check to prevent minting after the maturity date. Without enforcing block.timestamp < MATURITY_DATE, the contract permits minting of new tokens even after the bond has matured, which violates the intended protocol constraints and could lead to economic inconsistencies.
Vulnerability Details
-
Current Implementation:
The mint function is defined as follows:function mint(address to, uint256 amount) external onlyOwner {if (amount == 0) {revert ZeroAmount();}_mint(to, amount);totalZENOMinted += amount;}There is no check to ensure that minting occurs only before the maturity date (
MATURITY_DATE). The audit comment suggests a requirement like:require(block.timestamp < MATURITY_DATE, "Minting post-maturity disabled");This check is absent, meaning minting can continue even after maturity.
Impact
Allowing minting post-maturity may lead to an unintended increase in the token supply, undermining the bond's economic integrity.
Tools Used
Manual Review
Recommendations
Add a check at the beginning of the mint function to ensure that minting is only permitted before the maturity date.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.