Incorrect First Mint Determination in mint Function
Summary
The mint function incorrectly assumes that when amountToMint is 0, the mint operation is not the first mint for a user. This can lead to logical inconsistencies in tracking user balances and minting events.
Vulnerability Details
The function includes the following logic:
If
amountToMintis 0, the function immediately returns(false, 0, 0, 0), indicating that the operation is not the first mint.However, if this is the first interaction of the
onBehalfOfuser with the contract, it should still be recognized as their first mint.This incorrect assumption could lead to issues in subsequent logic that relies on
isFirstMint.
Impact
The first mint for a user may not be properly recorded, leading to inconsistencies in reward distributions or future minting logic.
Tools Used
Manual code review
Recommendations
-
Modify the First Mint Check: Ensure that
isFirstMintis set based on the actual user balance before returning foramountToMint == 0.bool isFirstMint = balanceOf(onBehalfOf) == 0;if (amountToMint == 0) {return (isFirstMint, 0, totalSupply(), 0);}
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.