Wrapped Token Parity

Overview

The wrapped token parity detector identifies missing validation that wrapped token supply matches underlying collateral in bridge programs. It flags cases where tokens are minted without validating that equivalent collateral was deposited, or burned without validating collateral withdrawal.

For remediation guidance, see Wrapped Token Parity Remediation.

Why This Is an Issue

Bridge programs and token wrapping protocols must maintain a strict invariant: wrapped token supply must equal collateral balance. If a program allows minting wrapped tokens without depositing collateral, or burning tokens without releasing collateral, the parity invariant breaks. This enables infinite minting attacks where an attacker creates unbacked wrapped tokens, effectively stealing from all other wrapped token holders. Several bridge exploits worth hundreds of millions have exploited this exact vulnerability class.

How to Resolve

Before (Vulnerable)

// Vulnerable: mints without verifying collateral deposit
pub fn wrap(ctx: Context<Wrap>, amount: u64) -> Result<()> {
    token::mint_to(ctx.accounts.into_mint_ctx(), amount)?;
    // No collateral balance verification
    Ok(())
}

After (Fixed)

// Fixed: verifies collateral deposit before minting
pub fn wrap(ctx: Context<Wrap>, amount: u64) -> Result<()> {
    let collateral_before = ctx.accounts.collateral_vault.amount;
    token::transfer(ctx.accounts.into_deposit_ctx(), amount)?;
    let collateral_after = ctx.accounts.collateral_vault.reload()?.amount;

    require!(
        collateral_after == collateral_before + amount,
        ErrorCode::CollateralMismatch
    );

    token::mint_to(ctx.accounts.into_mint_ctx(), amount)?;

    // Verify parity invariant
    let total_supply = ctx.accounts.wrapped_mint.supply;
    require!(total_supply == collateral_after, ErrorCode::ParityViolation);
    Ok(())
}

Example JSON Finding

{
  "detector": "wrapped-token-parity",
  "severity": "critical",
  "confidence": 0.65,
  "message": "Token mint operation without collateral parity validation",
  "location": { "function": "wrap", "block": 0, "statement": 1 }
}

Detection Methodology

1. Mint/burn detection: Identifies token mint and burn CPI operations.
2. Collateral tracking: Searches for corresponding collateral deposit/withdrawal operations.
3. Parity invariant check: Verifies that supply == collateral assertions exist after mint/burn operations.
4. Atomicity validation: Ensures mint and collateral operations happen atomically within the same instruction.

Limitations

False positives: Programs that manage parity through a separate accounting system may be flagged. False negatives: Parity violations through separate mint authority abuse are not detected.

Related Detectors

• Liquidity Manipulation — pool invariant violations
• Precision Errors — rounding in parity calculations

References

• CWE-682: Incorrect Calculation
• Solana — SPL Token