Function InfiniGold
allows users to convert/exchange their PMGT tokens to "gold certificates", which are digital artefacts effectively redeemable for actual gold.
To do so, users are supposed to send their PMGT tokens to a specific burn address.
The transferFrom()
function does not check the to address against this burn address. Users may send tokens to the burn address, using the transferFrom()
function, without triggering the emission of the Burn(address indexed burner, uint256 value)
event, which dictates how the gold certificates are created and distributed.
Prevent sending tokens to the burn address in the transferFrom()
function.
This can be achieved by adding a require
within transferFrom()
which disallows the to address to be the burnAddress
.
- Sigma Prime Audit InfiniGold Finding INF-03
- Data Validation
- transferFrom()
- Burn Address
- Add Require() to != Burn Address