← Back to Audits

Mintify $MINT Token - Mintify

Prepared by:

Halborn Logo

HALBORN

Last Updated 03/06/2025

Date of Engagement: February 26th, 2025 - February 27th, 2025

Summary

100% of all REPORTED Findings have been addressed

All findings

7

Critical

0

High

0

Medium

1

Low

0

Informational

6

Table of Contents

1. Introduction

Mintify engaged Halborn to conduct a security assessment on their Mintify SPL Token with Wormhole integration beginning on February 26th, 2025 and ending on February 27th, 2025. The security assessment was scoped to the smart contracts provided in the mintify-wormhole-token GitHub repository, commit hashes, and further details can be found in the Scope section of this report.


2. Assessment Summary

The team at Halborn assigned one full-time security engineer to check the security of the smart contracts. The security engineer is a blockchain and smart-contract security expert with advanced penetration testing and smart-contract hacking skills, and deep knowledge of multiple blockchain protocols.


The purpose of this assessment is to:

    • Ensure that smart contract functionality operates as intended

    • Identify potential security issues with the smart contracts


In summary, Halborn identified some improvements to reduce the likelihood and impact of risks, which have been partially addressed by the Mintify team. The main ones were the following:

    • Add a strict check during minting to ensure that no more tokens than intended can ever be minted.

    • Implement OpenZeppelin's Pausable module to provide a flexible and secure mechanism for temporarily suspending contract functionality in case of emergency.

    • Use a fixed Solidity version in the pragma to ensure the contract is always compiled with a known version.


3. Test Approach and Methodology

Halborn performed a combination of manual review of the code and automated security testing to balance efficiency, timeliness, practicality, and accuracy in regard to the scope of the smart contract assessment. While manual testing is recommended to uncover flaws in logic, process, and implementation; automated testing techniques help enhance coverage of smart contracts and can quickly identify items that do not follow security best practices. The following phases and associated tools were used throughout the term of the assessment: 

    • Research into the architecture, purpose, and use of the platform.

    • Smart contract manual code review and walkthrough to identify any logic issue.

    • Thorough assessment of safety and usage of critical Solidity variables and functions in scope that could lead to arithmetic related vulnerabilities.

    • Manual testing by custom scripts.

    • Graphing out functionality and contract logic/connectivity/functions (solgraph).

    • Static Analysis of security for scoped contract, and imported functions. (Slither).

4. RISK METHODOLOGY

Every vulnerability and issue observed by Halborn is ranked based on two sets of Metrics and a Severity Coefficient. This system is inspired by the industry standard Common Vulnerability Scoring System.
The two Metric sets are: Exploitability and Impact. Exploitability captures the ease and technical means by which vulnerabilities can be exploited and Impact describes the consequences of a successful exploit.
The Severity Coefficients is designed to further refine the accuracy of the ranking with two factors: Reversibility and Scope. These capture the impact of the vulnerability on the environment as well as the number of users and smart contracts affected.
The final score is a value between 0-10 rounded up to 1 decimal place and 10 corresponding to the highest security risk. This provides an objective and accurate rating of the severity of security vulnerabilities in smart contracts.
The system is designed to assist in identifying and prioritizing vulnerabilities based on their level of risk to address the most critical issues in a timely manner.

4.1 EXPLOITABILITY

Attack Origin (AO):
Captures whether the attack requires compromising a specific account.
Attack Cost (AC):
Captures the cost of exploiting the vulnerability incurred by the attacker relative to sending a single transaction on the relevant blockchain. Includes but is not limited to financial and computational cost.
Attack Complexity (AX):
Describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. Includes but is not limited to macro situation, available third-party liquidity and regulatory challenges.
Metrics:
EXPLOITABILITY METRIC (mem_e)METRIC VALUENUMERICAL VALUE
Attack Origin (AO)Arbitrary (AO:A)
Specific (AO:S)		1
0.2
Attack Cost (AC)Low (AC:L)
Medium (AC:M)
High (AC:H)		1
0.67
0.33
Attack Complexity (AX)Low (AX:L)
Medium (AX:M)
High (AX:H)		1
0.67
0.33
Exploitability EE is calculated using the following formula:

E=meE = \prod m_e

4.2 IMPACT

Confidentiality (C):
Measures the impact to the confidentiality of the information resources managed by the contract due to a successfully exploited vulnerability. Confidentiality refers to limiting access to authorized users only.
Integrity (I):
Measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of data stored and/or processed on-chain. Integrity impact directly affecting Deposit or Yield records is excluded.
Availability (A):
Measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability. This metric refers to smart contract features and functionality, not state. Availability impact directly affecting Deposit or Yield is excluded.
Deposit (D):
Measures the impact to the deposits made to the contract by either users or owners.
Yield (Y):
Measures the impact to the yield generated by the contract for either users or owners.
Metrics:
IMPACT METRIC (mIm_I)METRIC VALUENUMERICAL VALUE
Confidentiality (C)None (I:N)
Low (I:L)
Medium (I:M)
High (I:H)
Critical (I:C)		0
0.25
0.5
0.75
1
Integrity (I)None (I:N)
Low (I:L)
Medium (I:M)
High (I:H)
Critical (I:C)		0
0.25
0.5
0.75
1
Availability (A)None (A:N)
Low (A:L)
Medium (A:M)
High (A:H)
Critical (A:C)		0
0.25
0.5
0.75
1
Deposit (D)None (D:N)
Low (D:L)
Medium (D:M)
High (D:H)
Critical (D:C)		0
0.25
0.5
0.75
1
Yield (Y)None (Y:N)
Low (Y:L)
Medium (Y:M)
High (Y:H)
Critical (Y:C)		0
0.25
0.5
0.75
1
Impact II is calculated using the following formula:

I=max(mI)+mImax(mI)4I = max(m_I) + \frac{\sum{m_I} - max(m_I)}{4}

4.3 SEVERITY COEFFICIENT

Reversibility (R):
Describes the share of the exploited vulnerability effects that can be reversed. For upgradeable contracts, assume the contract private key is available.
Scope (S):
Captures whether a vulnerability in one vulnerable contract impacts resources in other contracts.
Metrics:
SEVERITY COEFFICIENT (CC)COEFFICIENT VALUENUMERICAL VALUE
Reversibility (rr)None (R:N)
Partial (R:P)
Full (R:F)		1
0.5
0.25
Scope (ss)Changed (S:C)
Unchanged (S:U)		1.25
1
Severity Coefficient CC is obtained by the following product:

C=rsC = rs

The Vulnerability Severity Score SS is obtained by:

S=min(10,EIC10)S = min(10, EIC * 10)

The score is rounded up to 1 decimal places.
SeverityScore Value Range
Critical9 - 10
High7 - 8.9
Medium4.5 - 6.9
Low2 - 4.4
Informational0 - 1.9

5. SCOPE

Files and Repository
(a) Repository: mintify-wormhole-token
(b) Assessed Commit ID: https://github.com/x-hzc/mintify-wormhole-token/tree/86701ff736985060dbb1585da7dd37bf540feb00
(c) Items in scope:
  • contracts/Mintify.sol
Out-of-Scope: Third party dependencies and economic attacks.
Remediation Commit ID:
Out-of-Scope: New features/implementations after the remediation commit IDs.

6. Assessment Summary & Findings Overview

Critical

0

High

0

Medium

1

Low

0

Informational

6

Security analysisRisk levelRemediation Date
Missing MAX_SUPPLY EnforcementMediumSolved - 02/28/2025
Centralized Minter RoleInformationalAcknowledged - 03/03/2025
Absence of Pausable Mechanism for Emergency ControlInformationalAcknowledged - 03/03/2025
Floating PragmaInformationalAcknowledged - 03/03/2025
Use of Hardcoded Decimal Value Instead of Constant or FunctionInformationalAcknowledged - 03/03/2025
Missing Validation for Non-Zero Mint AmountInformationalAcknowledged - 03/03/2025
Lack of Dedicated Mint Event for TransparencyInformationalAcknowledged - 03/03/2025

7. Findings & Tech Details

7.1 Missing MAX_SUPPLY Enforcement

//

Medium

Description

Although a MAX_SUPPLY constant is declared in the contract, there is no validation against it in the mint function.


This allows for unlimited token creation, potentially causing severe inflation, undermining the token’s value, and resulting in behavior that is clearly not intended.

Code Location

Snippet of code from Mintify contract:

contract Mintify is ERC20, ERC20Permit, ERC20Burnable, Ownable2Step {
    uint256 public constant MAX_SUPPLY = 10_000_000_000 * 10 ** 18;
    address public minter;

Code of mint function:

function mint(address account, uint256 amount) external onlyMinter {
    _mint(account, amount);
}
BVSS
Recommendation

It is recommended to add a strict check in mint:

require(totalSupply() + amount <= MAX_SUPPLY, "Exceeds max supply");

This ensures that no more tokens than intended can ever be minted.

Remediation

SOLVED: The Mintify team has solved this issue by implementing the recommended validation.

Remediation Hash
https://github.com/x-hzc/mintify-wormhole-token/commit/bd2fbb1b371ffe678c86592dcbbc1e3dad994d99

7.2 Centralized Minter Role

//

Informational

Description

The contract designates a single address as the minter, with the power to mint new tokens at will, creating a significant centralization risk. If the minter address is compromised, lost, or behaves maliciously, the following risks arise:


  • Unlimited Token Creation: A compromised minter could mint an infinite number of tokens, causing severe inflation and undermining the token’s value and integrity.


  • Single Point of Failure: If the minter private key is lost, the contract loses its minting capability, potentially halting crucial operations.

BVSS
Recommendation

It is recommended to decentralize the minting authority by:

  • Implementing a Multisig Wallet: Use a multisignature wallet (e.g., Gnosis Safe) as the minter, requiring multiple approvals for each minting action. This approach minimizes the impact of a compromised private key, as no single entity can unilaterally mint tokens.


  • Adopting Governance Mechanisms: Incorporate a decentralized governance model (e.g., DAO voting) to control the minter role, ensuring community involvement and reducing the risk of centralized abuse.

Remediation

ACKNOWLEDGED: The Mintify team has acknowledged this finding.

7.3 Absence of Pausable Mechanism for Emergency Control

//

Informational

Description

The contract lacks a Pausable implementation, which means it cannot be temporarily halted in case of emergencies, such as security breaches, exploits, or unexpected behavior.


Without this safeguard, the contract remains fully operational even if a critical vulnerability is discovered, increasing the risk of further damage, unauthorized minting, or fund loss

BVSS
Recommendation

It is recommended to implement OpenZeppelin's Pausable module to provide a flexible and secure mechanism for temporarily suspending contract functionality in case of emergency.

Remediation

ACKNOWLEDGED: The Mintify team has acknowledged this finding.

7.4 Floating Pragma

//

Informational

Description

The Mintify contract uses a floating pragma version, which allows compilation with multiple versions of the Solidity compiler.


This approach can introduce unexpected behaviors if new compiler versions are released, potentially introducing changes or bugs that impact the contract.


Code Location

Snippet of code from Mintify contract:

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
BVSS
Recommendation

It is recommended to use a fixed Solidity version in the pragma, such as pragma solidity 0.8.20, to ensure the contract is always compiled with a known version. This minimizes the risk of unexpected behaviors due to compiler changes.

Remediation

ACKNOWLEDGED: The Mintify team has acknowledged this finding.

7.5 Use of Hardcoded Decimal Value Instead of Constant or Function

//

Informational

Description

The contract uses the 10**18 value directly as a magic number to represent the token’s decimals, which can lead to higher gas costs and decrease readability.


Additionally, using hardcoded values can make it difficult to adjust the decimal precision if necessary.


Code Location

Snippet of code from StarOFToken contract:

contract Mintify is ERC20, ERC20Permit, ERC20Burnable, Ownable2Step {
    uint256 public constant MAX_SUPPLY = 10_000_000_000 * 10 ** 18;
    address public minter;
BVSS
Recommendation

It is recommended to replace the hardcoded decimal value with decimals() or define a constant, such as DECIMALS to optimize gas usage and improve the contract’s readability. This will make the code more adaptable to future changes.

Remediation

ACKNOWLEDGED: The Mintify team has acknowledged this finding.

7.6 Missing Validation for Non-Zero Mint Amount

//

Informational

Description

The contract fails to verify that the amount to be minted is strictly greater than zero.


Even though _mint ensures a non-zero recipient address, zero-token minting remains possible, creating unnecessary transactions with no meaningful effect.


Code Location

Code of mint function:

function mint(address account, uint256 amount) external onlyMinter {
    _mint(account, amount);
}
BVSS
Recommendation

It is recommended to include a check within the mint function:

require(amount > 0, "Mint zero tokens");

This ensures all mint operations involve a positive token amount, improving clarity and saving gas.

Remediation

ACKNOWLEDGED: The Mintify team has acknowledged this finding.

7.7 Lack of Dedicated Mint Event for Transparency

//

Informational

Description

The contract relies solely on the standard Transfer event emitted by _mint.


Although this indicates the creation of new tokens, it lacks explicit clarity. Off-chain services, explorers, and auditors may find it challenging to differentiate between minting and regular transfers from the zero address.

BVSS
Recommendation

It is recommended to create and emit a custom Mint event, for example:

event Mint(address indexed to, uint256 amount); 

function mint(address account, uint256 amount) external onlyMinter { 
    _mint(account, amount); 
    emit Mint(account, amount); 
}

This ensures clear tracking of newly minted tokens.

Remediation

ACKNOWLEDGED: The Mintify team has acknowledged this finding.

8. Automated Testing

Static Analysis Report

Description

Halborn used automated testing techniques to enhance the coverage of certain areas of the smart contracts in scope. Among the tools used was Slither, a Solidity static analysis framework. After Halborn verified the smart contracts in the repository and was able to compile them correctly into their abis and binary format, Slither was run against the contracts. This tool can statically verify mathematical relationships between Solidity variables to detect invalid or inconsistent usage of the contracts' APIs across the entire code-base.


The security team assessed all findings identified by the Slither software, however, findings with related to external dependencies are not included in the below results for the sake of report readability.

Slither Results

The findings from the Slither scan have not been included in the report, as they were all related to third-party dependencies.

Halborn strongly recommends conducting a follow-up assessment of the project either within six months or immediately following any material changes to the codebase, whichever comes first. This approach is crucial for maintaining the project’s integrity and addressing potential vulnerabilities introduced by code modifications.

// Download the full report

* Use Google Chrome for best results

** Check "Background Graphics" in the print settings if needed

© Halborn 2025. All rights reserved.