Possible rounding issues in L1MantleToken
Description
The mint function in L1MantleToken calculated the maximumMintAmount using the following formula:
uint256 maximumMintAmount = (totalSupply() * mintCapNumerator) / MINT_CAP_DENOMINATOR;Below is the mint function:
function mint(address _recipient, uint256 _amount) public onlyOwner {
uint256 maximumMintAmount = (totalSupply() * mintCapNumerator) / MINT_CAP_DENOMINATOR;
if (_amount > maximumMintAmount) {
revert MantleToken_MintAmountTooLarge(_amount, maximumMintAmount);
}
if (block.timestamp < nextMint) revert MantleToken_NextMintTimestampNotElapsed(block.timestamp, nextMint);
nextMint = block.timestamp + MIN_MINT_INTERVAL;
_mint(_recipient, _amount);
}If the totalSupply and mintCapNumerator are small enough, they might round down to zero when divided by MINT_CAP_DENOMINATOR. This would revert the transaction because of the if condition following the calculation, and an admin would not be able to mint the tokens. It is advised to use the mintCapNumerator and _initialSupply at a value large enough so the above calculations do not round down the maximumMintAmount to zero.
Impact
The mint function would revert.
Recommendations
Set the _initialSupply in initialize and mintCapNumerator using setMintCapNumerator to values large enough so the division does not round down the maximumMintAmount to zero.
Remediation
Mantle Network rejected this finding and provided the response below:
In our practical use case, it is unlikely to encounter situations where
totalSupplyandmintCapNumeratorare too small. The situation mentioned in the report does not exist.