Unlimited Minting Without Maximum Supply
Unlimited Minting Without Maximum Supply
Summary
The WinningToken contract allows the owner to mint an arbitrary number of tokens without any cap or upper limit. This centralization of control and lack of supply constraints can lead to trust issues and potential abuse, particularly if the token is used within or beyond the context of a game.
Vulnerability Details
The contract includes a mint function restricted to the contract owner:
However, there is no restriction on the total supply of tokens that can be minted. This means the owner can continuously mint new tokens, leading to an inflationary supply model with no control or accountability.
This is especially relevant for tokens intended to have a fixed or deflationary model, or when users expect a capped token economy based on scarcity.
Impact
Trust Risk: Users and integrators may lose trust in the token due to centralized control over supply.
Inflation Risk: Unlimited minting could devalue existing tokens and disrupt game mechanics or market economics.
DeFi Interactions: If this token is used in DeFi protocols, such minting authority could be abused to drain liquidity pools or manipulate governance.
Tools Used
Manual code review
Recommendations
Implement a maximum supply constraint to enforce a hard cap
Appeal created
Informational
Code suggestions or observations that do not pose a direct security risk.
Informational
Code suggestions or observations that do not pose a direct security risk.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.