Rock Paper Scissors

First Flight #38
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: low
Valid

Improper Implementation of Token Lifecycle

Summary

Tokens are being minted but are not being burned.

Vulnerability Details

New RPSW tokens are minted in RockPaperScissors::_finishGame(uint256 _gameId, address _winner) for the winner of a given game.

RPSW tokens are transferred to the RockPaperScissors contract when creating a game via RockPaperScissors::createGameWithToken(uint256 _totalTurns, uint256 _timeoutInterval) and when joining a game via joinGameWithToken(uint256 _gameId).

Nowhere are RPSW tokens being burned.
Therefore, RPSW tokens are created and then transferred to the RockPaperScissors contract, from which they can never be retrieved.

Impact

RPSW tokens that are transferred to the RockPaperScissors contract will be effectively removed from circulation permanently, while still contributing to the total supply. This leads to an inaccurate count of the total supply.

Tools Used

Manual Review.

Recommendations

It is recommended to use the ERC20Burnable::burnFrom(address account, uint256 value) function, which the WinningToken contract already inherits, in place of all instances of ERC20::transferFrom(address from, address to, uint256 value).
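The recommendation above, as an added example (not the RockPaperScissors or WinningToken source): a hypothetical SketchToken/StakeSketch pair that takes a stake once with transferFrom and once with burnFrom, so the effect on totalSupply can be compared. It assumes OpenZeppelin Contracts v5, a stake of 1 token per player and a payout of 2; the faucet helper and the missing access control exist only to keep the sketch short.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumption: OpenZeppelin Contracts v5 is installed (Ownable takes the owner in its constructor).
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {ERC20Burnable} from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Burnable.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

// Hypothetical stand-in for WinningToken: owner-mintable, holder-burnable.
contract SketchToken is ERC20, ERC20Burnable, Ownable {
    constructor() ERC20("Sketch", "SKT") Ownable(msg.sender) {}

    function mint(address to, uint256 value) external onlyOwner { _mint(to, value); }
}

// Hypothetical game sketch: only the token movements are modelled.
contract StakeSketch {
    SketchToken public immutable token;
    uint256 public constant STAKE = 1; // assumed stake per player

    constructor() { token = new SketchToken(); } // this contract becomes the token owner

    // Demo-only helper (assumption): gives a player a stake to play with.
    function faucet(address to) external { token.mint(to, STAKE); }

    // Before: the stake is parked on this contract and no function moves it out again.
    function joinLocking() external {
        require(token.transferFrom(msg.sender, address(this), STAKE), "stake failed");
    }

    // After: the stake is destroyed. burnFrom spends the same allowance transferFrom would.
    function joinBurning() external {
        token.burnFrom(msg.sender, STAKE);
    }

    // Payout by minting, as the finding describes (2 * STAKE is an assumed amount).
    function finish(address winner) external { token.mint(winner, 2 * STAKE); }

    // Supply held by accounts that can still move it.
    function circulating() external view returns (uint256) {
        return token.totalSupply() - token.balanceOf(address(this));
    }
}
```

With two funded players, a game played through joinLocking ends with totalSupply at 4 and circulating() at 2, and the gap widens by 2 on every further game. The same game played through joinBurning ends with both values at 2.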

Updates

Appeal created

m3dython Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Minting Instead of Transferring Staked Tokens

Mints new tokens upon game completion or cancellation for token-based games
