Assessment reportsPublic findings
Back to Zellic site
Assessment reports>SAX>Discussion>Token creator can set virality
GeneralOverview
Findings
High (1)
Medium (1)
Informational (1)
DiscussionUnused and redundant fields of structures Checks-effects-interactions patternRedundant if conditions in `getSellPrice` functionCentralization riskInitial mint sellableToken creator can set viralityIncomplete test coverageToken share rounding errors
Threat ModelWhat are threat models?BondingViralityController.solMerkleTokenShare.sol
Audit ResultsSummary

Token creator can set initial virality score

When creating a new token, the caller can set the initial virality score:

function createToken(string calldata hashtag, address recipient, uint16 viralityScore) external {
    // ...
    registeredTokens[address(token)] = HashtagData({
        supply: initialSupply,
        hashtag: hashtag,
        viralityScore: viralityScore,
        lastUpdatedAt: block.timestamp,
        lastPrice: initialPrice,
        liquidity: 0
    });
    // ...
}

Note that after allowCreateTokens is set, anyone can call this function and create a new token. If the caller sets viralityScore to zero, they will be able to buy an arbitrary amount of tokens at no cost. Damage to other users would not materialize if they do not interact with this token, recognizing that the token creator used this to allocate a large amount of tokens for themselves. This still amounts to a squatting issue in that case, as only one token can be created per lowercased hashtag.

In commit , createToken was changed to set viralityScore of a newly created token to a fixed value rather than a caller-supplied value.

Zellic © 2024Back to top ↑