Rock Paper Scissors

First Flight #38
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: low
Valid

H-01. [H-1] Unrestricted Token Minting

Summary

The WinningToken contract's owner can mint unlimited tokens.

Vulnerability Details

An attacker who gains control of adminAddress can call setAdmin to take over token ownership and then mint unlimited tokens:

function exploit() external {
    // called by the attacker once they hold ownership of the token contract
    winningToken.mint(attackerAddress, type(uint256).max);
}

Also, a malicious admin can mint tokens for themselves without restriction, inflating the supply:

function rogueMint() external onlyOwner {
    // nothing bounds the amount an owner may mint
    _mint(msg.sender, 1000000 * 10**decimals());
}

Proof of Concept

function testMintingPrivilege() public {
    // create the attacker's address
    address attacker = address(666);
    // attacker gains ownership (the game contract is the current owner)
    vm.prank(address(game));
    token.transferOwnership(attacker);
    // mint tokens with no limit on the amount
    vm.startPrank(attacker);
    token.mint(attacker, 1000000);
    assertEq(token.balanceOf(attacker), 1000000);
    vm.stopPrank();
}

Impact

If the owner account is compromised, this could lead to unlimited token minting and inflation.

Tools Used

  1. Foundry

  2. VS Code

Recommendations

  1. Implement a capped supply for the token

  2. Add minting limits or timelocks
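One way to apply both recommendations together, as an added example that is not the contest's own WinningToken code: a capped ERC20 whose owner-only mint is also limited per time window. It assumes OpenZeppelin Contracts v5 and a hypothetical one-day window; the cap and per-window limit are constructor parameters.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumes OpenZeppelin Contracts v5 import paths.
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {ERC20Capped} from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Capped.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

// Hypothetical hardened token (not the audited WinningToken).
contract CappedWinningToken is ERC20Capped, Ownable {
    uint256 public constant WINDOW = 1 days;   // assumed rate-limit window
    uint256 public immutable mintLimitPerWindow;
    uint256 public windowStart;
    uint256 public mintedInWindow;

    event MintWindowReset(uint256 newWindowStart);

    constructor(uint256 cap_, uint256 mintLimitPerWindow_)
        ERC20("Winning Token", "WIN")
        ERC20Capped(cap_)            // hard ceiling on totalSupply
        Ownable(msg.sender)
    {
        require(mintLimitPerWindow_ <= cap_, "limit exceeds cap");
        mintLimitPerWindow = mintLimitPerWindow_;
        windowStart = block.timestamp;
    }

    // Owner may still mint, but only up to mintLimitPerWindow per WINDOW,
    // and never past the cap (ERC20Capped reverts inside _mint).
    function mint(address to, uint256 amount) external onlyOwner {
        if (block.timestamp >= windowStart + WINDOW) {
            windowStart = block.timestamp;
            mintedInWindow = 0;
            emit MintWindowReset(windowStart);
        }
        require(mintedInWindow + amount <= mintLimitPerWindow, "mint limit exceeded");
        mintedInWindow += amount;
        _mint(to, amount);
    }

    // Remaining allowance in the current window, useful for monitoring.
    function remainingMintAllowance() external view returns (uint256) {
        if (block.timestamp >= windowStart + WINDOW) return mintLimitPerWindow;
        return mintLimitPerWindow - mintedInWindow;
    }
}
```

With this in place, the testMintingPrivilege scenario above still succeeds for a single small mint, but a call for type(uint256).max reverts on the window limit long before the cap is reached.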

Updates

Appeal created

m3dython Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Minting Instead of Transferring Staked Tokens

Mints new tokens upon game completion or cancellation for token-based games