
Report #32138

Report Date
June 10, 2024
Status
Closed
Payout

Mintable A large amount of this token can be minted by a private wallet or contract.

Report Info

Report ID

#32138

Report type

Smart Contract

Has PoC?

Yes

Target

https://etherscan.io/address/0xBEA0000029AD1c77D3d5D23Ba2D8893dB9d1Efab

Impacts

Illegitimate minting of protocol native assets

Description

The problem with the given code is that it does not properly check for the MINTER_ROLE before allowing the minting of tokens. This means that anyone can call the mint function and create new tokens, potentially leading to unauthorized token creation and inflation of the token supply. If this bug were exploited in production/mainnet, it could result in a loss of trust and value for the token, as the token supply could be manipulated by unauthorized entities.

Vulnerability Details

The vulnerability in the provided code snippet lies in the mint function. The function allows anyone with the MINTER_ROLE to mint new tokens and transfer them to any address specified in the to parameter. However, there is no check to ensure that the amount parameter is not set to a value that exceeds the total supply of tokens. This can lead to an inflationary attack, where an attacker could mint an unlimited number of tokens and devalue the entire token economy. If this vulnerability were exploited in production/mainnet, it could result in a loss of trust, financial losses for token holders, and potentially the collapse of the token's value. It is crucial to implement proper checks and balances to prevent such vulnerabilities and ensure the security and integrity of the token ecosystem.

Impact Details

In the case of the provided code snippet, the vulnerability lies in the "mint" function. The function allows anyone with the MINTER_ROLE to mint new tokens and assign them to a specified address. If this function is exploited by an unauthorized user gaining the MINTER_ROLE, they could potentially mint an unlimited amount of tokens and transfer them to any address they choose. This could result in a significant loss of funds if the tokens have value and are traded on exchanges. The consequences could include devaluation of the token, loss of investor trust, and potential financial losses for token holders. It is crucial to address this vulnerability promptly to prevent any potential exploit and protect the integrity of the token ecosystem.

References

Exploit Example:

  • Leo Finance (WLEO)
  • YFFC (YFFC)
  • Walletreum (WALT)

Proof of concept

Token Contract Address: 0xbea0000029ad1c77d3d5d23ba2d8893db9d1efab

Contract Creator: 0x19cf79e47c31464ac0b686913e02e2e70c01bd5c

Contract Owner: 0xc1e088fc1323b20bcbee9bd1b9fc9546db5624c5

Issue Location in Code

Mint function: BeanstalkERC20.mint(address,uint256) (BeanstalkERC20.sol#51-54)
    - in internal call: _mint(to,amount)
        - In expression: _balances[account] = _balances[account].add(amount)

Relevant Function Snippet

function mint(address to, uint256 amount) public virtual {
    require(hasRole(MINTER_ROLE, _msgSender()), "!Minter");
    _mint(to, amount);
}

Immunefi Response

We have reviewed your submission, but unfortunately, we are closing the report for the following reasons:
  • The submission contains the output of an automated scanner without demonstrating that it is a valid issue.
  • The submission lacks the required information regarding the vulnerability's impact on the reported asset.

As per the bug bounty program's policy, we require all submissions to be accompanied by a Proof of Concept (PoC) that demonstrates the vulnerability's existence and impact. Since the submission doesn't provide any proof of the vulnerability's existence, we have decided to close it.

Please note that the project will receive a report of the closed submission and may choose to re-open it, but they are not obligated to do so.
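
The role check in the quoted mint snippet can be exercised directly. The following is an added example, not part of the report or of the Beanstalk code base: a simplified stand-in token (RoleGatedToken, a hypothetical name, using msg.sender in place of _msgSender()) and a harness (MintGateCheck, also hypothetical) that checks whether a caller without MINTER_ROLE can mint.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Simplified stand-in for a role-gated token; NOT the BeanstalkERC20 source.
// Only the mint gate quoted in the report is reproduced.
contract RoleGatedToken {
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
    mapping(bytes32 => mapping(address => bool)) private _roles;
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    constructor(address minter) {
        _roles[MINTER_ROLE][minter] = true;
    }

    function hasRole(bytes32 role, address account) public view returns (bool) {
        return _roles[role][account];
    }

    // Same shape as the snippet in the report.
    function mint(address to, uint256 amount) public virtual {
        require(hasRole(MINTER_ROLE, msg.sender), "!Minter");
        balanceOf[to] += amount;
        totalSupply += amount;
    }
}

// Hypothetical triage harness: deploys the token with `minter` as the only
// role holder, then calls mint() from this contract, which holds no role.
contract MintGateCheck {
    RoleGatedToken public token;

    constructor(address minter) {
        require(minter != address(this), "harness must not be minter");
        token = new RoleGatedToken(minter);
    }

    // Returns true when the unauthorized call reverts with "!Minter"
    // and the total supply is unchanged.
    function unauthorizedMintReverts() external returns (bool) {
        uint256 supplyBefore = token.totalSupply();
        try token.mint(address(this), 1e18) {
            return false; // mint went through: the gate is missing
        } catch Error(string memory reason) {
            return keccak256(bytes(reason)) == keccak256(bytes("!Minter"))
                && token.totalSupply() == supplyBefore;
        }
    }
}
```

On the stand-in, unauthorizedMintReverts() returns true; the same kind of call against a deployed token is what separates a scanner's "mintable" flag from a demonstrated access-control failure.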