SPL Token Mint Authority
Detects mint authority vulnerabilities including missing validation and unlimited minting.
Overview
Remediation Guide: How to Fix SPL Token Mint Authority
The mint authority security detector identifies programs that perform MintTo or MintToChecked operations without properly validating the mint account or the mint authority signer, or without enforcing a supply cap. Unauthorized minting enables token inflation attacks that devalue existing holdings and can lead to protocol insolvency.
Why This Is an Issue
Mint authority controls token supply. Without proper validation in the calling program:
- Unauthorized minting: An attacker passes an account they control as the mint authority. The Token program itself only checks that this account signed and matches the mint's recorded authority, so unless the calling program pins the mint and verifies the authority, the attacker can mint from a mint they created or from any mint whose authority key they hold
- Unvalidated mint account: An attacker passes a mint they control; the protocol credits them as if tokens of the real mint had been issued, while what was actually minted is a worthless mint's tokens
- No supply cap: Even with a valid authority, unlimited minting causes inflation, devaluing existing tokens
- Authority transfer: Unauthorized SetAuthority operations (authority type MintTokens) can permanently transfer minting capability to an attacker
CWE mapping: CWE-863 (Incorrect Authorization), CWE-770 (Allocation of Resources Without Limits).
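The trust boundary behind these bullets is easy to get wrong: the Token program enforces the signer and authority match, but it has no idea which mint the caller intended, and a cap check written with plain addition can wrap. The following is an added, std-only simulation written for this page (it is not SPL Token or Sigvex code); `Mint`, `MintRequest`, `Rejection`, `token_program_mint_to`, `caller_gate`, `guarded_mint` and `naive_cap_ok` are names assumed here, and the keys and balances in `scenario` are constructed.

```rust
// Added example: a std-only model of the MintTo trust boundary. Not SPL Token or
// Sigvex code; the types and function names below are assumptions for this simulation.

pub type Pubkey = [u8; 32];

#[derive(Clone, Copy, Debug)]
pub struct Mint {
    pub key: Pubkey,
    /// `None` models a mint whose authority was revoked (minting permanently disabled).
    pub mint_authority: Option<Pubkey>,
    pub supply: u64,
}

#[derive(Clone, Copy, Debug)]
pub struct MintRequest {
    pub mint: Mint,
    pub authority: Pubkey,
    pub authority_is_signer: bool,
    pub amount: u64,
}

#[derive(Debug, PartialEq, Eq)]
pub enum Rejection {
    MissingSignature,  // enforced by the token program
    AuthorityMismatch, // enforced by the token program
    WrongMint,         // must be enforced by the calling program
    SupplyCapExceeded, // must be enforced by the calling program
    Overflow,          // must be enforced by the calling program
}

/// Model of what the token program checks on MintTo: the authority signed and
/// equals the mint's `mint_authority`. It has no notion of which mint the caller
/// intended, so a mint the attacker created (and is authority of) passes.
pub fn token_program_mint_to(req: &MintRequest) -> Result<u64, Rejection> {
    if !req.authority_is_signer {
        return Err(Rejection::MissingSignature);
    }
    match req.mint.mint_authority {
        Some(a) if a == req.authority => {}
        _ => return Err(Rejection::AuthorityMismatch),
    }
    req.mint.supply.checked_add(req.amount).ok_or(Rejection::Overflow)
}

/// The checks the calling program must add before the CPI: pin the mint and
/// enforce a cap with overflow-safe arithmetic.
pub fn caller_gate(req: &MintRequest, expected_mint: &Pubkey, max_supply: u64) -> Result<u64, Rejection> {
    if &req.mint.key != expected_mint {
        return Err(Rejection::WrongMint);
    }
    let new_supply = req.mint.supply.checked_add(req.amount).ok_or(Rejection::Overflow)?;
    if new_supply > max_supply {
        return Err(Rejection::SupplyCapExceeded);
    }
    Ok(new_supply)
}

/// Hardened flow: caller checks first, then the modelled CPI.
pub fn guarded_mint(req: &MintRequest, expected_mint: &Pubkey, max_supply: u64) -> Result<u64, Rejection> {
    caller_gate(req, expected_mint, max_supply)?;
    token_program_mint_to(req)
}

/// A cap check written with plain `+` wraps silently in release builds; shown
/// only to demonstrate why the gate above uses `checked_add`.
pub fn naive_cap_ok(supply: u64, amount: u64, max_supply: u64) -> bool {
    supply.wrapping_add(amount) <= max_supply
}

/// Constructed scenario: the protocol's mint (key 0x01..) whose authority is 0x02..,
/// and an attacker's own mint (0xAA..) for which the attacker key 0xBB.. is authority.
pub fn scenario() -> (Mint, MintRequest, MintRequest) {
    let protocol_mint = Mint { key: [0x01; 32], mint_authority: Some([0x02; 32]), supply: 500 };
    let attacker_mint = Mint { key: [0xAA; 32], mint_authority: Some([0xBB; 32]), supply: 0 };
    let legit = MintRequest { mint: protocol_mint, authority: [0x02; 32], authority_is_signer: true, amount: 100 };
    let forged = MintRequest { mint: attacker_mint, authority: [0xBB; 32], authority_is_signer: true, amount: 1_000_000 };
    (protocol_mint, legit, forged)
}

fn main() {
    let (_, legit, forged) = scenario();
    let expected = [0x01u8; 32];
    println!("legit via guard: {:?}", guarded_mint(&legit, &expected, 1_000));
    println!("forged, token program checks only: {:?}", token_program_mint_to(&forged));
    println!("forged via guard: {:?}", guarded_mint(&forged, &expected, 1_000));
}
```

The forged request passes `token_program_mint_to` because the attacker really is the authority of the mint they supplied; only `caller_gate` rejects it. The near-`u64::MAX` case shows that `naive_cap_ok` accepts an amount that `caller_gate` correctly reports as an overflow.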
How to Resolve
use solana_program::{
    account_info::AccountInfo, entrypoint::ProgramResult, program::invoke,
    program_error::ProgramError, program_option::COption, program_pack::Pack, pubkey::Pubkey,
};
use spl_token::state::Mint;

// Placeholders: replace with the protocol's real mint address and supply cap.
pub const EXPECTED_MINT: Pubkey = Pubkey::new_from_array([0u8; 32]);
pub const MAX_SUPPLY: u64 = 1_000_000_000;

#[repr(u32)]
pub enum ErrorCode { SupplyCapExceeded = 0 }

pub fn mint_tokens(accounts: &[AccountInfo], amount: u64) -> ProgramResult {
    let mint = &accounts[0];
    let destination = &accounts[1];
    let authority = &accounts[2];
    let token_program = &accounts[3];
    // Validate the CPI target is the real Token program, not a lookalike
    if token_program.key != &spl_token::id() { return Err(ProgramError::IncorrectProgramId); }
    // Validate mint account is owned by Token program
    if mint.owner != &spl_token::id() { return Err(ProgramError::IncorrectProgramId); }
    // Validate it's the expected mint, so an attacker cannot substitute a mint they control
    if mint.key != &EXPECTED_MINT { return Err(ProgramError::InvalidAccountData); }
    // Validate authority: it must have signed and must be the mint's current mint authority
    if !authority.is_signer { return Err(ProgramError::MissingRequiredSignature); }
    let mint_data = Mint::unpack(&mint.data.borrow())?;
    if mint_data.mint_authority != COption::Some(*authority.key) {
        return Err(ProgramError::InvalidAccountData);
    }
    // Enforce supply cap with overflow-safe arithmetic (a plain `+` could wrap past the cap)
    if mint_data.supply.checked_add(amount).ok_or(ProgramError::ArithmeticOverflow)? > MAX_SUPPLY {
        return Err(ProgramError::Custom(ErrorCode::SupplyCapExceeded as u32));
    }
    let ix = spl_token::instruction::mint_to(
        &spl_token::id(), mint.key, destination.key, authority.key, &[], amount,
    )?;
    // If the authority is a PDA of this program, use invoke_signed with its seeds instead of invoke
    invoke(&ix, &[mint.clone(), destination.clone(), authority.clone(), token_program.clone()])?;
    Ok(())
}
Examples
Sample Sigvex Output
{
"detector_id": "spl-token-mint-authority",
"severity": "critical",
"confidence": 0.80,
"description": "Minting tokens without validating the mint authority. An attacker could pass an arbitrary account as the authority, allowing unauthorized minting.",
"location": { "function": "mint_tokens", "offset": 1 }
}
Detection Methodology
- CPI classification: Identifies MintTo (discriminator 7), MintToChecked (14), and SetAuthority (6) operations.
- Validation tracking: Tracks owner, signer, and key validations for accounts used in mint operations.
- Authority verification: Checks that the authority account in MintTo operations has been validated as a signer and matched against expected values.
- Supply cap detection: Looks for comparison operations that indicate supply limit enforcement.
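To make the CPI classification step concrete, here is an added, std-only decoder for the three SPL Token instruction tags the detector keys on (SetAuthority = 6, MintTo = 7, MintToChecked = 14), together with the account-index extraction that the Limitations section warns can be fragile. It is not Sigvex's own code; `TokenOp`, `classify` and `accounts_to_validate` are names assumed here. The byte layout follows the SPL Token instruction encoding (a one-byte tag, little-endian amount, optional decimals byte, and a COption-encoded new authority for SetAuthority), and the account order follows the Token program's expected layout.

```rust
// Added example: a std-only classifier for SetAuthority (6), MintTo (7) and
// MintToChecked (14) SPL Token instructions. Not Sigvex code; names are assumptions.

#[derive(Debug, PartialEq, Eq)]
pub enum TokenOp {
    /// accounts: [mint, destination, authority, ...multisig signers]
    MintTo { amount: u64, mint: u8, destination: u8, authority: u8 },
    /// same account order as MintTo, with a trailing decimals byte in the data
    MintToChecked { amount: u64, decimals: u8, mint: u8, destination: u8, authority: u8 },
    /// accounts: [mint, current authority, ...]; authority_type 0 = MintTokens
    SetMintAuthority { mint: u8, current_authority: u8, new_authority: Option<[u8; 32]> },
    /// SetAuthority for a non-mint authority type (1 FreezeAccount, 2 AccountOwner, 3 CloseAccount)
    SetOtherAuthority { authority_type: u8 },
    Other(u8),
}

fn u64_le(b: &[u8]) -> Option<u64> {
    let arr: [u8; 8] = b.get(..8)?.try_into().ok()?;
    Some(u64::from_le_bytes(arr))
}

/// `data` is the CPI's instruction data; `account_indices` are the positions of the
/// CPI's accounts in the caller's account list, in the order the Token program expects.
/// Returns None on truncated data or a missing account slot rather than guessing.
pub fn classify(data: &[u8], account_indices: &[u8]) -> Option<TokenOp> {
    let (&tag, rest) = data.split_first()?;
    let idx = |i: usize| account_indices.get(i).copied();
    match tag {
        7 => Some(TokenOp::MintTo {
            amount: u64_le(rest)?, mint: idx(0)?, destination: idx(1)?, authority: idx(2)?,
        }),
        14 => Some(TokenOp::MintToChecked {
            amount: u64_le(rest)?, decimals: *rest.get(8)?,
            mint: idx(0)?, destination: idx(1)?, authority: idx(2)?,
        }),
        6 => {
            let authority_type = *rest.first()?;
            if authority_type != 0 {
                return Some(TokenOp::SetOtherAuthority { authority_type });
            }
            // COption<Pubkey>: 0 = None (revoke), 1 followed by 32 bytes = Some(new authority)
            let new_authority = match *rest.get(1)? {
                0 => None,
                1 => {
                    let arr: [u8; 32] = rest.get(2..34)?.try_into().ok()?;
                    Some(arr)
                }
                _ => return None,
            };
            Some(TokenOp::SetMintAuthority { mint: idx(0)?, current_authority: idx(1)?, new_authority })
        }
        other => Some(TokenOp::Other(other)),
    }
}

/// For a classified op, which caller-side account indices must carry which
/// validation before the CPI is considered safe.
pub fn accounts_to_validate(op: &TokenOp) -> Vec<(u8, &'static str)> {
    match op {
        TokenOp::MintTo { mint, authority, .. } | TokenOp::MintToChecked { mint, authority, .. } => vec![
            (*mint, "owner == spl_token && key == expected mint"),
            (*authority, "is_signer && key == mint.mint_authority"),
        ],
        TokenOp::SetMintAuthority { mint, current_authority, .. } => vec![
            (*mint, "key == expected mint"),
            (*current_authority, "is_signer && key == mint.mint_authority"),
        ],
        _ => Vec::new(),
    }
}

fn main() {
    // Constructed instruction bytes, not captured from a real transaction.
    let mint_to = [7u8, 100, 0, 0, 0, 0, 0, 0, 0];
    let op = classify(&mint_to, &[0, 1, 2]);
    println!("{:?}", op);
    if let Some(op) = op {
        println!("{:?}", accounts_to_validate(&op));
    }
}
```

A real detector works over the program's HIR rather than concrete bytes, but the same two questions apply: which tag is being emitted, and which caller-side account lands in the authority slot. Returning None on a short buffer or a missing slot is deliberate; silently defaulting the authority index is how the simplified extraction noted under Limitations produces false negatives.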
Limitations
- Simplified account index extraction may not accurately identify authority accounts in complex CPI layouts.
- Supply cap checks via external state queries or helper functions may not be detected.
- PDA-based mint authority validation requires seed verification that may not be visible at the HIR level.
Related Detectors
- SPL Token Authority Confusion — detects confusion between authority types
- SPL Token Freeze Burn — detects freeze/burn authority issues
- Mint Authority Abuse — detects general mint authority abuse patterns