Omniscia Vector Finance Audit

vtx Manual Review Findings

vtx Manual Review Findings

VTX-01M: Overly Centralized Minting Functionality

TypeSeverityLocation
Logical FaultMediumvtx.sol:L19-L24

Description:

The VTX token can be minted arbitrarily by its owner.

Example:

contracts/vtx.sol
19function mint(address _to, uint256 _amount) public override onlyOwner {
20 if (totalSupply() + _amount > MAX_SUPPLY) {
21 _amount = MAX_SUPPLY - totalSupply();
22 }
23 _mint(_to, _amount);
24}

Recommendation:

We advise the ownership structure to be clearly detailed within the code as should it be an entity-controlled wallet it poses a significant centralization risk to the protocol.

Alleviation:

Comments were introduced to the contract that state its owner is the MasterChief contract preventing misuse of the function.