Set mint function to private & allow only dev to mint token in .../solidity/contracts/ERC20Token.sol
Vectorism opened this issue
Bug Report Template
Please use this template to report bugs or vulnerabilities. Please fill out all the sections below:
1. Bug/Vulnerability Description
Vulnerability in the .../solidity/contracts/ERC20Token.sol contract that allows anyone to mint the token from outside the contract.
2. Hardware and Software Specifications
Ubuntu 20.04 LTS
Linux/amd64
Go version 1.20.5
3. Steps to Reproduce
Add a new function to the contract, and allow only the deployer to mint by using 'msg.sender', so that the dev can mint tokens.
function mint(address to, uint256 amount) public {
    // Only the deployer (stored in `owner`) may mint
    require(msg.sender == owner, "Only the owner can call the mint function");
    _mint(to, amount);
}
4. Impact Analysis
The token can be minted by anyone from outside the contract, so the token supply will increase without any control from the team; this can give the team's project a bad reputation.
5. Code Fix Submission
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC20/ERC20.sol";

contract ERC20Token is ERC20 {
    // Deployer address recorded at construction; the only account allowed to mint
    address private owner;

    constructor(string memory name, string memory symbol, uint256 initialSupply) ERC20(name, symbol) {
        _mint(msg.sender, initialSupply);
        owner = msg.sender;
    }

    // Internal mint helper; not callable from outside the contract
    function private_mint(address to, uint256 amount) private {
        _mint(to, amount);
    }

    // Externally callable entry point, restricted to the deployer
    function public_mint(address to, uint256 amount) public {
        require(msg.sender == owner, "Only the owner can call public_mint");
        private_mint(to, amount);
    }
}
6. Choose the Right Label
Minting issue in contract
7. Additional Context
(Optional) Share any relevant context, screenshots, logs, or error messages that can facilitate problem-solving and comprehensive understanding.
Thank you for contributing to the improvement of our project!👨💻👩💻
Swisstronik internal use only
- Not duplicate issue
- Appropriate labels applied
Hello, this contract is used for testing purposes only, so such checks are excessive
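As an added example (not Swisstronik code and not the reporter's submission), here is the open-mint shape the report describes next to the idiomatic hardening with OpenZeppelin's Ownable, plus a Foundry test that exercises both paths. It assumes OpenZeppelin Contracts v5 (whose Ownable takes an initial owner and reverts with OwnableUnauthorizedAccount) and forge-std; the token names and the attacker address are constructed for the test.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the project's code. Assumes OpenZeppelin Contracts v5
// (Ownable takes an initial owner) and Foundry's forge-std for the test.
import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts/access/Ownable.sol";
import "forge-std/Test.sol";

// "Before": the shape the report describes. Anyone can call mint and
// inflate supply; there is no caller check at all.
contract OpenMintToken is ERC20 {
    constructor() ERC20("Open", "OPN") {}

    function mint(address to, uint256 amount) public {
        _mint(to, amount);
    }
}

// "After": the same token with mint restricted to the deployer via
// Ownable's onlyOwner modifier instead of a hand-rolled owner variable.
contract OwnedMintToken is ERC20, Ownable {
    constructor(uint256 initialSupply) ERC20("Owned", "OWN") Ownable(msg.sender) {
        _mint(msg.sender, initialSupply);
    }

    function mint(address to, uint256 amount) external onlyOwner {
        _mint(to, amount);
    }
}

// Foundry test: the unrestricted token lets an arbitrary address mint;
// the owned token reverts with Ownable's custom error for the same call.
contract MintAccessTest is Test {
    address attacker = makeAddr("attacker"); // constructed test address

    function test_OpenMint_AnyoneInflatesSupply() public {
        OpenMintToken open = new OpenMintToken();
        vm.prank(attacker);
        open.mint(attacker, 1_000_000 ether);
        assertEq(open.totalSupply(), 1_000_000 ether);
    }

    function test_OwnedMint_RejectsNonOwner() public {
        OwnedMintToken owned = new OwnedMintToken(1_000 ether);
        vm.prank(attacker);
        vm.expectRevert(
            abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, attacker)
        );
        owned.mint(attacker, 1);
        assertEq(owned.totalSupply(), 1_000 ether);
    }

    function test_OwnedMint_OwnerCanMint() public {
        OwnedMintToken owned = new OwnedMintToken(0);
        owned.mint(address(this), 5 ether); // the test contract is the deployer/owner
        assertEq(owned.balanceOf(address(this)), 5 ether);
    }
}
```

Run with `forge test` in a project that has the two dependencies installed. Using Ownable rather than a bespoke `owner` field also gives you ownership transfer and renunciation for free, which matters once a test contract is copied into something that is deployed.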