It is possible to bypass current minting limits set in the AlchemicTokenV2Base contract

Summary

It is possible to bypass the current minting limits set in the AlchemicTokenV2Base contract.

Vulnerability Detail

Here, the mint function in both AlchemicTokenV2Base and CrossChainCanonicalBase is used to mint the CrossChainCanonicalAlchemicTokenV2 tokens. There are minting limits used in the AlchemicTokenV2Base contract. But those same current minting limits are absent in the CrossChainCanonicalBase contract.

So, a user using the exchangeOldForCanonical can mint a lot more tokens than current minting limits.

The contest README doesn't specify the details regarding how the contract CrossChainCanonicalBase will be initialised or what functions will be called before initializing the contract to prevent this issue.

Impact

More tokens can be minted than intended.

Code Snippet

https://github.com/sherlock-audit/2024-04-alchemix/blob/32e4902f77b05ea856cf52617c55c3450507281c/v2-foundry/src/CrossChainCanonicalBase.sol#L92-L119

Tool used

Manual Review

Recommendation

Adjust the exchangeOldForCanonical to include the minting limits.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

168.md

168.md

It is possible to bypass current minting limits set in the AlchemicTokenV2Base contract

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Files

168.md

Latest commit

History

168.md

File metadata and controls

It is possible to bypass current minting limits set in the AlchemicTokenV2Base contract

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation