Wobbly Cinnamon Leopard
Medium
The Points contract is a soulbound token. It means that the token can't be transfer and can be only mint or burn. When burning the token, the total supply does not decrease.
To burn a token, the user has to call the transfer function as explained in the comments:
/// @inheritdoc ERC20
/// @notice A hook that is called before any transfer of points
/// @dev Reverts if the transfer is not a mint or burn (i.e. if neither `from` nor `to` are the zero address)
function _beforeTokenTransfer(address from, address to, uint256) internal virtual override {
if (from != address(0) && to != address(0)) revert NonTransferable();
}So any user calling the transfer function can transfer his token to the address(0). But when doing so, it does not decrease the totalsupply variable. Then, any protocol or user calling the totalSupply() function will have the wrong value.
No response
No response
- A user have one token and choose to burn it.
- He transfers his token to
address(0)because it is the only way to do so. - An other user call the
totalSupply()function. The result is false.
Any protocol using this token can't use the totalSupply() function since it returns false value. Note that a soulbound token can't be transfer, so when the user transfer to address(0), it must decrease the total supply variable as when there is a burn.
No response
Implement a burn function and revert transfer to address(0).