Description

In the minting flow, request_mint_to queues a mint request without checking whether the requested amount fits within state.mint_budget. That validation only occurs later during execute_mint_to. As a result, oversized requests can be accepted and stored on chain, only to fail upon execution.

Impact

While this does not cause incorrect behavior, it introduces a gap between request acceptance and request viability. Malformed or oversized mint requests remain on chain until explicitly executed and then revert, potentially leading to user confusion or unnecessary storage bloat.

Recommendations

Consider performing a budget check at the request phase:

assert!(amount <= state.mint_budget, EMintBudgetNotEnough);

This would provide earlier feedback and prevent the creation of unexecutable requests.

Remediation

This issue has been acknowledged by MatrixDock, and they have provided the following response:

This logic is consistent with the EVM version of the code and the result is expected.