Token-0x

First Flight #54
Beginner Friendly, DeFi
100 EXP
Submission Details
Impact: medium
Likelihood: high

Missing `Transfer` Events in `_mint` and `_burn`

Author: Revealed upon completion

Description

  • The ERC20 standard requires a Transfer event to be emitted whenever tokens move, including when they are created (minted, with from = address(0)) or destroyed (burned, with to = address(0)).

  • The _mint and _burn functions update balances and total supply directly in inline assembly but never execute the log3 opcode needed to emit this event.

/// File: src/helpers/ERC20Internals.sol:L134-L156
sstore(accountBalanceSlot, add(accountBalance, value))
@> // Missing log3 here

Risk

Likelihood:

  • Every time a token is minted or burned, this omission occurs.

Impact:

  • Off-chain indexers (Etherscan, subgraphs, wallets) rely on Transfer logs and will not see minted or burned tokens, so tracked balances and total supply diverge from on-chain state.

  • The token is not compliant with the ERC20 standard, potentially failing integration checks.

Proof of Concept

function test_MintAndBurnEmitNoEvents() public {
    // 1. Setup: start capturing every log emitted from here on
    vm.recordLogs();

    // 2. Mint: should emit Transfer(address(0), alice, 100) on a compliant token
    token.mint(alice, 100);

    // 3. Assertion (Mint): getRecordedLogs drains the buffer; it is empty because of the bug
    Vm.Log[] memory entries = vm.getRecordedLogs();
    assertEq(entries.length, 0, "no Transfer event emitted on mint (bug present)");

    // 4. Burn: should emit Transfer(alice, address(0), 50) on a compliant token
    token.burn(alice, 50);
    entries = vm.getRecordedLogs();
    assertEq(entries.length, 0, "no Transfer event emitted on burn (bug present)");
}

Recommended Mitigation

// In _mint, after the balance/supply sstore: Transfer(address(0), account, value)
+ mstore(0x00, value)
+ log3(0x00, 0x20, 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef, 0, account)
// In _burn, after the balance/supply sstore: Transfer(account, address(0), value)
+ mstore(0x00, value)
+ log3(0x00, 0x20, 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef, account, 0)
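The pattern above in context, as an added example that is not Token-0x's code: a minimal _mint/_burn pair in inline assembly that emits Transfer through log3 (the topic constant is keccak256("Transfer(address,address,uint256)")). It assumes a storage layout of balanceOf at slot 0 and totalSupply at slot 1, and uses checked Solidity arithmetic on totalSupply so the unchecked add in assembly cannot overflow.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not Token-0x's code). Assumed layout: balanceOf = slot 0, totalSupply = slot 1.
contract MintBurnWithEvents {
    event Transfer(address indexed from, address indexed to, uint256 value);

    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    function _mint(address account, uint256 value) internal {
        require(account != address(0), "mint to zero address");
        // Checked add: reverts on overflow and bounds every balance (sum of balances <= totalSupply),
        // so the unchecked add below cannot wrap.
        totalSupply += value;
        assembly {
            // slot of balanceOf[account] = keccak256(abi.encode(account, balanceOf.slot))
            mstore(0x00, account)
            mstore(0x20, balanceOf.slot)
            let slot := keccak256(0x00, 0x40)
            sstore(slot, add(sload(slot), value))
            // Transfer(address(0), account, value): data = value, topics = sig, from, to
            mstore(0x00, value)
            log3(0x00, 0x20, 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef, 0, account)
        }
    }

    function _burn(address account, uint256 value) internal {
        assembly {
            mstore(0x00, account)
            mstore(0x20, balanceOf.slot)
            let slot := keccak256(0x00, 0x40)
            let bal := sload(slot)
            // Revert rather than underflow the balance
            if lt(bal, value) { revert(0, 0) }
            sstore(slot, sub(bal, value))
            sstore(totalSupply.slot, sub(sload(totalSupply.slot), value))
            // Transfer(account, address(0), value)
            mstore(0x00, value)
            log3(0x00, 0x20, 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef, account, 0)
        }
    }
}
```

With this in place the PoC above flips: vm.getRecordedLogs() returns one entry per mint and burn, and a Foundry test can pin the exact topics with vm.expectEmit before each call.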
