BriVault

First Flight #52
Beginner Friendly, Solidity
100 EXP
Submission Details
Impact: high
Likelihood: medium
Invalid

Missing Maximum Supply Cap Enforcement

Root + Impact

Description

  • Normal behavior:
    ERC20 tokens often define a maximum supply cap to preserve scarcity, price stability, and predictability of the token’s economics.

Issue:
The BriTechToken contract does not enforce any maximum supply limit. The owner can call mint() repeatedly, each call creating another 10,000,000 * 1e18 tokens, so the total supply is unbounded; this destroys the scarcity model and compromises investor trust.

// Root cause in the codebase with @> marks to highlight the relevant section
@> function mint() public onlyOwner {
@>     _mint(owner(), 10_000_000 * 1e18); // No cap enforcement
@> }

Risk

Likelihood:

  • The issue occurs whenever the owner decides to mint new tokens beyond the intended total supply.

  • It can also occur accidentally during future expansions or upgrades, since without a cap nothing in the contract guards against over-minting.

Impact:

  • Token inflation risk — the supply can grow indefinitely, devaluing existing holdings.

  • Investor trust erosion — absence of a cap can break market confidence and undermine integrations relying on fixed supply.

Proof of Concept

Explanation:
The owner (or an attacker who has obtained ownership control) can mint an arbitrary number of tokens, leading to severe supply inflation.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

// Minimal interface for the call under test; BriTechToken exposes mint() as onlyOwner.
interface IBriTechToken {
    function mint() external;
}

contract UnlimitedMintTest {
    // Must be executed by the token owner, since mint() is onlyOwner.
    function testInflation(address token) external {
        for (uint256 i = 0; i < 5; i++) {
            IBriTechToken(token).mint(); // each call mints 10_000_000 * 1e18 with no cap check
        }
        // After five calls the owner holds 50,000,000 tokens; nothing in the contract prevents more.
    }
}

Recommended Mitigation

Enforce a total maximum supply cap that cannot be exceeded.

Explanation:
Adding a fixed MAX_SUPPLY ensures the contract enforces scarcity and prevents accidental or malicious inflation.
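As an added illustration of the mitigation (not part of the original submission or the BriVault code base), a capped token together with a Foundry test showing a mint within the cap succeeding, a mint beyond it reverting, and a non-owner being rejected. It assumes OpenZeppelin Contracts v5 and forge-std are installed; the contract, error and test names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

// Added example, not BriVault code. Assumes OpenZeppelin v5 and forge-std (hypothetical setup).
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {Test} from "forge-std/Test.sol";

/// Hypothetical token that mirrors the recommended mitigation: minting is owner-only
/// and can never push totalSupply() above MAX_SUPPLY.
contract CappedToken is ERC20, Ownable {
    uint256 public constant MAX_SUPPLY = 10_000_000 * 1e18;

    // Reports how much room was left so an over-sized mint is easy to diagnose.
    error MaxSupplyExceeded(uint256 requested, uint256 remaining);

    constructor() ERC20("Capped", "CAP") Ownable(msg.sender) {}

    function mint(address to, uint256 amount) external onlyOwner {
        // totalSupply() only grows through this function, so it never exceeds MAX_SUPPLY.
        uint256 remaining = MAX_SUPPLY - totalSupply();
        if (amount > remaining) revert MaxSupplyExceeded(amount, remaining);
        _mint(to, amount);
    }
}

contract CappedTokenTest is Test {
    CappedToken token;

    // The test contract deploys the token, so it becomes the owner.
    function setUp() public { token = new CappedToken(); }

    function test_mintUpToCapSucceeds() public {
        token.mint(address(this), token.MAX_SUPPLY());
        assertEq(token.totalSupply(), token.MAX_SUPPLY());
    }

    function test_mintBeyondCapReverts() public {
        token.mint(address(this), token.MAX_SUPPLY() - 1);
        // Only 1 wei of supply remains; asking for 2 must revert with the exact error data.
        vm.expectRevert(abi.encodeWithSelector(CappedToken.MaxSupplyExceeded.selector, 2, 1));
        token.mint(address(this), 2);
    }

    function test_nonOwnerCannotMint() public {
        address outsider = address(0xBEEF);
        vm.prank(outsider);
        vm.expectRevert(abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, outsider));
        token.mint(outsider, 1);
    }
}
```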

- remove this code
+ add this code
+ uint256 public constant MAX_SUPPLY = 10_000_000 * 1e18;
- function mint() public onlyOwner {
- _mint(owner(), 10_000_000 * 1e18);
- }
+ function mint(uint256 amount) external onlyOwner {
+ require(totalSupply() + amount <= MAX_SUPPLY, "Max supply exceeded");
+ _mint(owner(), amount);
+ }
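Review bot: the proposed MAX_SUPPLY of 10_000_000 * 1e18 is exactly the amount the existing mint() issues in a single call, so under this patch only one full-size mint (or its equivalent split across calls) can ever take place; confirm that figure is the intended total supply and not the per-call amount, since the submission does not state what the cap should be. Changing the signature from mint() to mint(uint256 amount) is an interface change that every existing caller of mint() would have to follow, which is worth stating alongside the diff. The check `require(totalSupply() + amount <= MAX_SUPPLY, "Max supply exceeded");` itself is sound under Solidity 0.8 checked arithmetic.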
Updates

Appeal created

bube Lead Judge 19 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
