SigmaGmbH / swisstronik-chain

Swisstronik is an identity-based hybrid layer-1 blockchain ecosystem. It lets Web 3.0 and traditional companies build KYC, AML and DPR compliant applications with enhanced data privacy


Set mint function to private & only dev can mint token in .../solidity/contracts/ERC20Token.sol

Vectorism opened this issue · comments

Bug Report Template

Please use this template to report bugs or vulnerabilities. Please fill out all the sections below:

1. Bug/Vulnerability Description

Vulnerability in the .../solidity/contracts/ERC20Token.sol contract that allows anyone to mint the token from outside the contract.

2. Hardware and Software Specifications

Ubuntu 20.04 LTS
Linux/amd64
Go version 1.20.5

3. Steps to Reproduce

Add a new function to the contract, and allow only the deployer to mint by checking 'msg.sender', so that only the dev can mint tokens.

// `owner` is the contract's state variable holding the deployer address
// (set to msg.sender in the constructor; full contract in section 5).
function mint(address to, uint256 amount) public {
    require(msg.sender == owner, "Add require statements, Only the owner can call the mint function");
    _mint(to, amount);
}

4. Impact Analysis

The token can be minted by anyone from outside the contract, so the token supply will increase without any control from the team, which can damage the reputation of the team's project.

5. Code Fix Submission

// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC20/ERC20.sol";

contract ERC20Token is ERC20 {
    // Deployer address recorded at construction; the only account allowed to mint.
    address private owner;

    constructor(string memory name, string memory symbol, uint256 initialSupply) ERC20(name, symbol) {
        _mint(msg.sender, initialSupply);
        owner = msg.sender;
    }

    // Internal minting path; not reachable from outside the contract.
    function private_mint(address to, uint256 amount) private {
        _mint(to, amount);
    }

    // Externally callable entry point, restricted to the owner.
    function public_mint(address to, uint256 amount) public {
        require(msg.sender == owner, "Only the owner can call public_mint");
        private_mint(to, amount);
    }
}

6. Choose the Right Label

Minting issue in contract

7. Additional Context

(Optional) Share any relevant context, screenshots, logs, or error messages that can facilitate problem-solving and comprehensive understanding.


Thank you for contributing to the improvement of our project!👨‍💻👩‍💻


Swisstronik internal use only

  • Not duplicate issue
  • Appropriate labels applied
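As an added example (not code from the issue or from the swisstronik-chain repository), the same restriction written with OpenZeppelin's Ownable/onlyOwner modifier instead of a hand-rolled owner variable, together with a Foundry regression test that checks a non-owner mint reverts and leaves the supply unchanged. It assumes OpenZeppelin Contracts 4.x and forge-std are installed; the contract and test names are made up.

```solidity
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.0;

// Assumptions: OpenZeppelin Contracts 4.x (Ownable takes no constructor
// argument) and Foundry's forge-std; neither is known to be a project dependency.
import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts/access/Ownable.sol";
import "forge-std/Test.sol";

// Hardened token: minting is gated by OpenZeppelin's audited onlyOwner
// modifier. Ownable records the deployer as owner and emits
// OwnershipTransferred, so the owner is traceable on-chain and ownership
// can later be transferred or renounced through a reviewed code path.
contract OwnedMintToken is ERC20, Ownable {
    constructor(string memory name_, string memory symbol_, uint256 initialSupply)
        ERC20(name_, symbol_)
    {
        _mint(msg.sender, initialSupply);
    }

    function mint(address to, uint256 amount) external onlyOwner {
        _mint(to, amount);
    }
}

// Regression test: a non-owner call to mint must revert and leave totalSupply
// unchanged; the owner (the deploying test contract) can still mint.
contract OwnedMintTokenTest is Test {
    OwnedMintToken token;
    address nonOwner = address(0xBEEF); // constructed sample address

    function setUp() public {
        token = new OwnedMintToken("Test", "TST", 1_000 ether);
    }

    function testNonOwnerCannotMint() public {
        uint256 supplyBefore = token.totalSupply();
        vm.prank(nonOwner);
        vm.expectRevert("Ownable: caller is not the owner");
        token.mint(nonOwner, 1 ether);
        assertEq(token.totalSupply(), supplyBefore);
        assertEq(token.balanceOf(nonOwner), 0);
    }

    function testOwnerCanMint() public {
        token.mint(address(this), 5 ether);
        assertEq(token.balanceOf(address(this)), 1_005 ether);
    }
}
```

Run with `forge test`; if the project uses OpenZeppelin 5.x, pass `Ownable(msg.sender)` in the constructor and expect the `OwnableUnauthorizedAccount` custom error instead of the string message.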

Hello, this contract is used for testing purposes only, so such checks are excessive.