BriVault

First Flight #52
Submission Details
Impact: high
Likelihood: low
Invalid

Infinite Minting in `BriTechToken` (Unbounded Supply)

Owner can mint any amount of `BriTechToken`

Description

  • The `mint` function in `BriTechToken` has no restrictions (e.g., cap or one-time use), allowing the owner to call it repeatedly.

  • Each call mints 10,000,000 BTT (10M * 1e18) to the owner, enabling unlimited supply inflation. If this token is used as the vault's share token (matching name/symbol), it undermines the vault's proportional withdrawal logic in `withdraw`, as `totalSupply()` grows unpredictably outside vault deposits. Even standalone, this breaks ERC20 trust assumptions for holders. No direct exploit, but facilitates owner rug-pull or dilution.

```solidity
function mint() public onlyOwner {
    _mint(owner(), 10_000_000 * 1e18);
}
```
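One way to add the restrictions the description names (a cap and one-time use), as an added example that is not part of the submission or the BriVault code base. It assumes OpenZeppelin Contracts v5; the contract name, token name and symbol, `MAX_SUPPLY`, `minted` and the custom errors are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

// Added example: every name below is hypothetical, not taken from the BriVault repo.
contract CappedMintToken is ERC20, Ownable {
    // Same amount a single mint() call issues in the snippet above.
    uint256 public constant MAX_SUPPLY = 10_000_000 * 1e18;
    bool public minted;

    error AlreadyMinted();
    error CapExceeded(uint256 supplyAfterMint, uint256 cap);

    // Placeholder name and symbol (assumption: OpenZeppelin v5 Ownable constructor).
    constructor() ERC20("Example Token", "EXT") Ownable(msg.sender) {}

    // One-time use: a second call reverts instead of inflating the supply.
    function mint() external onlyOwner {
        if (minted) revert AlreadyMinted();
        minted = true;
        _mint(owner(), MAX_SUPPLY);
    }

    // Defense in depth: any mint path added later still cannot exceed the cap.
    // In OpenZeppelin v5, mints reach _update with from == address(0).
    function _update(address from, address to, uint256 value) internal override {
        super._update(from, to, value);
        if (from == address(0) && totalSupply() > MAX_SUPPLY) {
            revert CapExceeded(totalSupply(), MAX_SUPPLY);
        }
    }
}
```

With this shape `totalSupply()` has a fixed upper bound that holders can read on-chain, so the owner cannot dilute them by repeated calls.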

Risk

Likelihood:

  • It is very likely that the owner has some malicious intent to rug pull the betting protocol.

Impact:

  • Suppose this betting system gets huge and the shares start trading as ERC20 tokens during an event like FIFA; the owner can then mint himself a huge amount and sell it on the market to make a profit.

Proof of Concept

Recommended Mitigation

-function mint() public onlyOwner {
- _mint(owner(), 10_000_000 * 1e18);
- }
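Review bot: deleting `mint()` at these three lines removes the only supply-creating call shown on the page, and nothing visible here mints an initial balance elsewhere. Either confirm the constructor (not shown) mints the intended supply, or keep the function and bound it with the restrictions the description itself names, a supply cap or a one-time guard, so the token is still usable after the fix. The change should also state whether `BriTechToken` is actually the vault's share token, since the description leaves that as an "if".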
Updates

Appeal created

bube Lead Judge 19 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
