Atomic Tortilla Guppy
high
The contract exposes a minting function without any restriction on who may call it.
A malicious user could call it to mint an arbitrary amount of tokens, which leads to a serious vulnerability: inflation of the token supply.
The value of the tokens may drop drastically if an attacker manages to execute the _mint function and then sell these tokens on the market.
// Mint canonical tokens and give it to the sender
super._mint(msg.sender, canonicalTokensOut);
Manual Review
To mitigate this vulnerability, consider adding an access control mechanism to the minting function, so that only authorized accounts (the contract owner, for example) can execute the function. An example of such a mechanism would be to use the OwnableUpgradeable contract from OpenZeppelin and make the minting function onlyOwner.
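As an added illustration (not code from the audited contract), the following shows the unrestricted shape described in this finding next to a version guarded with OwnableUpgradeable and onlyOwner. The contract names, the mintCanonical function, the token name and symbol, and the initializer layout are assumptions; the code targets OpenZeppelin upgradeable contracts v4.x, where __Ownable_init() takes no arguments (v5 requires an initialOwner argument instead).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the audited project's code.
// Assumes OpenZeppelin upgradeable contracts v4.x.
import "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";
import "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";

/// Vulnerable shape from the finding: any caller can mint any amount.
contract UnrestrictedCanonicalToken is ERC20Upgradeable {
    function initialize() external initializer {
        __ERC20_init("Canonical Token", "CAN"); // constructed name/symbol
    }

    // No access control: msg.sender chooses canonicalTokensOut freely,
    // so the total supply can be inflated by anyone.
    function mintCanonical(uint256 canonicalTokensOut) external {
        // Mint canonical tokens and give it to the sender
        super._mint(msg.sender, canonicalTokensOut);
    }
}

/// Hardened version: minting is restricted to the contract owner.
contract RestrictedCanonicalToken is ERC20Upgradeable, OwnableUpgradeable {
    // Upgradeable contracts have no constructor, so the owner must be
    // set in the initializer; otherwise onlyOwner compares against address(0).
    function initialize() external initializer {
        __ERC20_init("Canonical Token", "CAN"); // constructed name/symbol
        __Ownable_init(); // owner = msg.sender (the deployer of the proxy)
    }

    // onlyOwner reverts with "Ownable: caller is not the owner" (OZ v4.x)
    // for every caller except owner(), closing the inflation path.
    function mintCanonical(address to, uint256 canonicalTokensOut)
        external
        onlyOwner
    {
        super._mint(to, canonicalTokensOut);
    }
}
```

When reviewing the fix, the two things to check are that the initializer actually calls __Ownable_init (an unset owner makes onlyOwner unusable rather than secure) and that ownership is transferred to the intended account, such as a multisig, after deployment. If minting legitimately has to be triggered by another contract (a bridge or swap path that computes canonicalTokensOut, for instance), AccessControlUpgradeable with a dedicated MINTER_ROLE granted only to that contract is the usual alternative to a single owner.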