Help with smartcontract code to mint or not to mint (urgent)

#1

Hi

Can someone help me dissect the snippet from the smartcontract code below.

There is an ongoing discussion wether the token can be minted or not. There is a “mint” function in the code, if this makes it possible to mint new tokens, is the minting amount limitied to initial supply? Some explanation on what the different lines do would be highly appreciated. Smart contract + code: https://etherscan.io/address/0xafbec4d65bc7b116d85107fd05d912491029bf46#code

Contract owner has called mint-function 5235 times: https://bloxy.info/txs/calls_sc/0xafbec4d65bc7b116d85107fd05d912491029bf46?signature_id=37463

Can anyone explain what has happened, has there been added new tokens on top of the total supply? It appears that there are over 1M tokens in token holder adresses than total supply, and this is the root cause for the discussion we are trying to figure out.

1 Like

#2

@gausscoins

The Function:

function mint(address wallet, address buyer, uint256 tokenAmount) public onlyOwner {
  require(tokenBalances[wallet] >= tokenAmount);               // checks if it has enough to sell
  tokenBalances[buyer] = tokenBalances[buyer].add(tokenAmount);                  // adds the amount to buyer's balance
  tokenBalances[wallet] = tokenBalances[wallet].sub(tokenAmount);                        // subtracts amount from seller's balance
  Transfer(wallet, buyer, tokenAmount); 
  totalSupply=totalSupply.sub(tokenAmount);
}

This initially checks to see whether the token balance of the provided wallet address is greater than the provided tokenAmount, if this is true then it adds the tokens to the buyer address mapping and subtracts them from the wallet address mapping before emitting the Transfer event and updating the totalSupply variable.

Just from this code I see nothing stopping the owner from moving the full balance of any address to another… Looking at the rest of the contract now to learn more and will update this post with my findings.

1 Like

#3

At line 112 of the contract the totalSupply variable is declared and set equal to 1e+25.

uint256 public constant INITIAL_SUPPLY = 10000000;
...
function ARBITRAGEToken(address wallet) public {
    owner = msg.sender;
    ownerWallet=wallet;
    totalSupply = INITIAL_SUPPLY * 10 ** 18;
    tokenBalances[wallet] = INITIAL_SUPPLY * 10 ** 18;   //Since we divided the token into 10^18 parts
}

In this we can see INITIAL_SUPPLY is set to 10000000 (1e+7) and then totalSupply is set to INITIAL_SUPPLY multiplied by 10 ** 18 (1e+18). This sets the token supply at 1e+25.

From what I can see in the code it would seem that these tokens are initially added to a wallet address provided to the ARBITRAGEToken function but it is unclear what address this would be as it needs to be passed in. Then from there the mint function can subtract from that wallet and supply tokens to buyers.

But I can see nothing stopping the owner from calling that function with any address as the source address to simply transfer tokens from one address to another as it does not use a hardcoded address so please keep this in mind.

Though I do not claim to be an expert on Ethereum and smart contracts so I could be missing something, I.e. the nature of wallets and the requirements of private keys for transactions could prevent the owner from abusing it, but I am unsure as of right now.

I would be careful with this though - until a more experienced person can answer and explain it better.

Edit: The supply of tokens should be limited to the totalSupply value due to the safemath function but since this is done at the end of the mint function it is possible that it would just throw after performing the transfer so I can’t be sure it would in fact limit the supply from going over the ‘limit’.

1 Like