Organization
- @definitive-finance
Engagement Type
Cantina Reviews
Period
-
Repositories
Researchers
Findings
Informational
2 findings
0 fixed
2 acknowledged
Informational2 findings
Same contract address might not be possible in every chain
State
- Acknowledged
Severity
- Severity: Informational
Submitted by
carrotsmuggler
Description
The deployment script uses create2 to make sure the token is deployed to the same contract address across different chains.
However, certain chains like zksync calculate contract addresses differently for create2, and thus can lead to a different deployment address even when using the same deployment wallet and salt.
Recommendation
If chains like zksync are also targeted, the system should not rely on having the same contract address on all chains.
No burn function can lead to uncontrolled growth of totalSupply
State
- Acknowledged
Severity
- Severity: Informational
Submitted by
carrotsmuggler
Description
While the contracts implement a mint function to mint tokens to any address, there is no burn function. Thus, there is no way to reduce the totalSupply of the tokens or a way to reduce the initial mint of 1 billion tokens.
Tokens can still be taken out of the supply by sending them to a burn address (like 0 or 0xdead), but the totalSupply will keep accounting for them.
Recommendation
Consider implementing a burn function as well if the totalSupply is expected to be reduced at some point.