BriVault

First Flight #52
Beginner Friendly, Solidity
100 EXP
Submission Details
Impact: high
Likelihood: high
Invalid

mint() lacks input amount, no control over minted quantity

Root + Impact

Description

  • Normal behavior:
    A mint function should allow specifying the amount of tokens to mint and optionally enforce a total supply cap, so token economics are predictable and flexible.


  • Specific issue:
    The current mint() function always mints a fixed 10,000,000 BTT, with no parameters or caps:

// Root cause in the codebase with @> marks to highlight the relevant section
@> function mint() public onlyOwner {
@>     _mint(owner(), 10_000_000 * 1e18);
@> }

Risk

Likelihood:

  • This occurs whenever the owner calls mint(), intentionally or accidentally.

  • It also occurs if an automated script or bot triggers mint() repeatedly: supply can balloon instantly.

Impact:

  • Massive inflation risk: sudden oversupply reduces token value.

  • Economic attack surface: a compromised owner key can exploit unlimited minting.

Proof of Concept


Explanation:
Each loop iteration mints 10 million BTT, inflating supply rapidly. Multiple iterations can destroy tokenomics within seconds.

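// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

// Minimal interface for the token's mint() shown above
interface BriTechToken {
    function mint() external;
}

contract MintFlood {
    // mint() is onlyOwner, so these calls succeed only when this contract owns the token
    function flood(address token, uint256 times) external {
        for (uint256 i = 0; i < times; i++) {
            // Each call adds 10M BTT tokens to owner balance
            BriTechToken(token).mint();
        }
    }
}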

Recommended Mitigation


Allow dynamic minting with a capped total supply.
Explanation:
This ensures flexible minting while protecting against uncontrolled inflation.

- remove this code
+ add this code
+ uint256 public constant MAX_SUPPLY = 1_000_000_000 * 1e18; // set realistic max
- function mint() public onlyOwner {
- _mint(owner(), 10_000_000 * 1e18);
- }
+ function mint(uint256 amount) external onlyOwner {
+ require(totalSupply() + amount <= MAX_SUPPLY, "Exceeds total supply cap");
+ _mint(owner(), amount);
+ }
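
Review bot: MAX_SUPPLY on the first added line is still a placeholder (its comment reads "set realistic max"), and at 1_000_000_000 * 1e18 a single owner call to the new mint(uint256 amount) can issue 100 times the 10_000_000 * 1e18 that the removed mint() produced. The cap value should come from the intended tokenomics before this change is relied on to bound inflation. The signature change from mint() to mint(uint256 amount) also breaks existing callers, so deployment scripts and tests that call mint() need updating in the same change, along with a boundary test: minting exactly up to MAX_SUPPLY passes, one unit more reverts with "Exceeds total supply cap".
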
Updates

Appeal created

bube Lead Judge 19 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
