Omniscia Vector Finance Audit
vtx Manual Review Findings
VTX-01M: Overly Centralized Minting Functionality
Type | Severity | Location |
---|---|---|
Logical Fault | Medium | vtx.sol:L19-L24 |
Description:
The VTX token can be minted arbitrarily by its owner.
Example:
contracts/vtx.sol
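```solidity
// Callable only by the contract owner (onlyOwner).
function mint(address _to, uint256 _amount) public override onlyOwner {
    // Clamp the request so the total supply never exceeds MAX_SUPPLY.
    if (totalSupply() + _amount > MAX_SUPPLY) {
        _amount = MAX_SUPPLY - totalSupply();
    }
    _mint(_to, _amount);
}
```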
Recommendation:
We advise that the ownership structure be clearly detailed within the code; should the owner be an entity-controlled wallet, it poses a significant centralization risk to the protocol.
Alleviation:
Comments were introduced to the contract that state its owner is the MasterChief contract, preventing misuse of the function.