Everyone can mint token #432
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate-608
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/RabbitHoleReceipt.sol#L58
Vulnerability details
Impact
In
RabbitHoleReceipt.sol
themint
function is completely unprotected and anyone can use it to mint tokens and cause other problems. This problem occurs because theonlyMinter
modifier is not implemented correctly and does not actually protect the function. As a result, any address can mint new tokens. Absolutely the same problem hasRabbitHoleTickets.sol
contract.Proof of Concept
Tools Used
Manual Review
Recommended Mitigation Steps
Change:
To:
The text was updated successfully, but these errors were encountered: