Omniscia Xcaliswap Audit
Token Manual Review Findings
TNE-01M: Complete Centralization of Supply
Type | Severity | Location |
---|---|---|
Centralization Concern | | Token.sol:L62-L66 |
Description:
The `minter` role is capable of performing mints of arbitrary amounts of the protocol token.
Example:
contracts/periphery/Token.sol
```solidity
// Token.sol, lines 62-66
function mint(address account, uint amount) external returns (bool) {
    require(msg.sender == minter);
    _mint(account, amount);
    return true;
}
```
Recommendation:
We advise this trait to be re-evaluated and potentially prohibited as it currently significantly centralizes the protocol. If the `minter` role is meant to signify a protocol contract, it should be explicitly set as such via the contract's `constructor`.
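One way the constructor-based recommendation could look, as an added example that is not taken from the Xcaliswap code base or from the audit. The contract name `MinterBoundToken`, the `_minter` parameter, the revert strings and the reduced ERC-20 surface are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration (hypothetical contract, not the audited Token.sol).
// Only the state needed by the mint path is modelled.
contract MinterBoundToken {
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    // Fixed at deployment. There is no setter, so the role cannot later be
    // reassigned to an externally owned account or a different contract.
    address public immutable minter;

    event Transfer(address indexed from, address indexed to, uint256 amount);

    constructor(address _minter) {
        // The minter must already be deployed code. This rejects the zero
        // address and plain EOAs, but it does not prove the code is the
        // intended protocol contract; that still has to be verified at
        // deployment time. A contract that is itself still being
        // constructed reports a code length of zero and is rejected too.
        require(_minter.code.length > 0, "minter must be a contract");
        minter = _minter;
    }

    // Same external interface as the audited function, with the caller
    // check now bound to the immutable deployment-time address.
    function mint(address account, uint256 amount) external returns (bool) {
        require(msg.sender == minter, "caller is not the minter");
        _mint(account, amount);
        return true;
    }

    function _mint(address to, uint256 amount) internal {
        totalSupply += amount;
        balanceOf[to] += amount;
        emit Transfer(address(0), to, amount);
    }
}
```

With this shape, any limit on emissions lives in the minter contract's own logic, which can be reviewed once because the binding cannot change after deployment.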
Alleviation:
The Xcaliswap team has not made any changes in the source code for this issue.