Beatland Festival

First Flight #44
Beginner Friendly · Foundry · Solidity · NFT
100 EXP
Submission Details
Impact: high
Likelihood: high
Invalid

Unlimited Minting Without Cap

Description

  • The contract does not enforce any cap on the total supply, allowing the festivalContract to mint unlimited BEAT tokens.

Root cause location: `mint()`, which performs no supply-cap check before minting.

Impact:

  • Impact 1: Could lead to hyperinflation of tokens if festivalContract is compromised.

  • Impact 2: No economic upper bound on supply.

Proof of Concept

```solidity
// Assume festivalContract is set correctly and is the caller here;
// `user` is any recipient address (placeholder value for illustration).
address user = address(0xBEEF);
festival.mint(user, 1_000_000_000 ether); // succeeds: no cap check
```

Recommended Mitigation

  1. Use OpenZeppelin’s ERC20Capped to enforce a supply cap:

```solidity
constructor() ERC20("BeatDrop Token", "BEAT") ERC20Capped(1_000_000 ether) {}
```

  2. Or add a manual check in `mint()`:

```solidity
require(totalSupply() + amount <= MAX_SUPPLY, "Cap exceeded");
```
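As an added illustration of the second mitigation (this is not the Beatland Festival code, whose `mint()` is not reproduced on this page), the following is a minimal token whose mint is restricted to a festival contract address and bounded by a hard `MAX_SUPPLY`, followed by a Foundry test showing the cap rejecting the oversized mint from the proof of concept. The names `CappedBeatToken`, `festivalContract`, `MAX_SUPPLY` and the custom errors are assumptions; OpenZeppelin and forge-std are assumed to be installed as usual.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {Test} from "forge-std/Test.sol";

// Hypothetical token modelled on the finding: only `festivalContract` may mint,
// and MAX_SUPPLY bounds total issuance (the manual check from the mitigation).
// Swapping in OpenZeppelin's ERC20Capped would remove the need for the
// explicit remaining-supply check, since its _update hook enforces the cap.
contract CappedBeatToken is ERC20 {
    uint256 public constant MAX_SUPPLY = 1_000_000 ether;
    address public immutable festivalContract;

    error NotFestival();
    error CapExceeded(uint256 requested, uint256 remaining);

    constructor(address _festivalContract) ERC20("BeatDrop Token", "BEAT") {
        festivalContract = _festivalContract;
    }

    function mint(address to, uint256 amount) external {
        if (msg.sender != festivalContract) revert NotFestival();
        // Check against the running total, not just the single amount,
        // so repeated mints cannot creep past the cap.
        uint256 remaining = MAX_SUPPLY - totalSupply();
        if (amount > remaining) revert CapExceeded(amount, remaining);
        _mint(to, amount);
    }
}

contract CappedBeatTokenTest is Test {
    CappedBeatToken token;
    address festival = makeAddr("festival");
    address user = makeAddr("user");

    function setUp() public {
        token = new CappedBeatToken(festival);
    }

    function test_mintWithinCap() public {
        vm.prank(festival);
        token.mint(user, 500_000 ether);
        assertEq(token.totalSupply(), 500_000 ether);
    }

    function test_mintBeyondCapReverts() public {
        vm.startPrank(festival);
        token.mint(user, 900_000 ether);
        // The PoC's amount (1_000_000_000 ether) is far past the cap and is now rejected,
        // with only 100_000 ether of headroom left.
        vm.expectRevert(
            abi.encodeWithSelector(
                CappedBeatToken.CapExceeded.selector, 1_000_000_000 ether, 100_000 ether
            )
        );
        token.mint(user, 1_000_000_000 ether);
        vm.stopPrank();
        assertEq(token.totalSupply(), 900_000 ether);
    }

    function test_nonFestivalCannotMint() public {
        vm.prank(user);
        vm.expectRevert(CappedBeatToken.NotFestival.selector);
        token.mint(user, 1 ether);
    }
}
```

Run with `forge test` in a Foundry project that has the two dependencies installed. The test for the oversized mint asserts on the custom error's arguments as well as on the unchanged `totalSupply()`, so a regression that silently truncates the amount instead of reverting would also be caught.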
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Invalidated
Reason: Design choice
