Summary

The unchecked minting vulnerability occurs when there are no limits on the amount of tokens that can be minted by an authorized minter or a smart contract.

Vulnerability Details

Example from Your DSCEngine/Decentralized Stable Coin Contract

The mint function allows an authorized minter to mint stablecoins:

extcall DSC.mint(msg.sender, amount_dsc_to_mint)

Without additional safeguards:

There are no caps or checks to ensure the minted amount corresponds to the value of deposited collateral.

A compromised minter or governance system could mint unlimited tokens.

Impact

Can lead to inflation, with excessive token minting rendering the system unstable. Also can breaks the peg, destroys trust, and leads to system collapse.

Tools Used

N/A

Recommendations

• Global Cap: Set a maximum limit for the total DSC supply.

  assert total_supply + amount_to_mint <= MAX_SUPPLY, "Global minting cap exceeded"

• Per-User Cap: Limit how much a single user can mint also to avoid that one user own more than others.

  assert user_minted[msg.sender] + amount_to_mint <= USER_MINT_CAP, "User minting cap exceeded"