Beatland Festival

First Flight #44

Beginner FriendlyFoundrySolidityNFT

100 EXP

View results

Previous Next

Submission Details

Impact: low

Likelihood: low

Invalid

No Return Value for mint and burnFrom in BeatToken

r4y4n3

Root + Impact

Description

Normal Behavior:
ERC20 extensions and many DeFi protocols expect token functions like mint and burnFrom to return a boolean value indicating success, or to emit a custom event. This pattern improves composability, integration with other contracts, and off-chain tooling, as it allows callers to check for success and react accordingly.

Issue:
The mint and burnFrom functions in BeatToken do not return any value or emit a custom event. This can make integration with other contracts or off-chain services less straightforward, as there is no explicit indication of success or failure beyond a revert. Some protocols and tools may expect a return value for these functions, and their absence can lead to compatibility issues or require additional workarounds.

function mint(address to, uint256 amount) external {

require(msg.sender == festivalContract, "Only_Festival_Mint");

_mint(to, amount);

// No return value or custom event

}

function burnFrom(address from, uint256 amount) external {

require(msg.sender == festivalContract, "Only_Festival_Burn");

_burn(from, amount);

// No return value or custom event

}

Risk

Likelihood:

Most integrations will work, but some protocols or tools may expect a return value.

Impact:

This does not affect core functionality, but can reduce composability and integration ease.

Proof of Concept

If another contract or off-chain tool calls mint or burnFrom and expects a boolean return value, the call will revert or behave unexpectedly. For example:

// This call expects a boolean return value, but BeatToken's mint returns nothing.

bool success = BeatToken(mytoken).mint(user, 1000);

// success will be undefined, which may break integrations.

Recommended Mitigation

Update the mint and burnFrom functions to return a boolean value indicating success, and/or emit a custom event for these actions.

+ event TokensMinted(address indexed to, uint256 amount);

+ event TokensBurned(address indexed from, uint256 amount);

function mint(address to, uint256 amount) external returns (bool) {

require(msg.sender == festivalContract, "Only_Festival_Mint");

_mint(to, amount);

+ emit TokensMinted(to, amount); // مهم جداً

+ return true; // أيضاً مهم

}

function burnFrom(address from, uint256 amount) external returns (bool) {

require(msg.sender == festivalContract, "Only_Festival_Burn");

_burn(from, amount);

+ emit TokensBurned(from, amount); // مهم جداً

+ return true; // أيضاً مهم

}

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

234

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.