Security Snippets: #12

Can you find a mistake in the next snippet:

_mint(msg.sender, 10e8 * 10 ** decimals()); // 100 million

And Tornado Blast auditors could!

10e8 equals to 1 billion, so it could have minted about 10 billion tokens instead of 100 million.

So whenever you see numbers like 1e8, it's a good idea to check the protocol documentation to make sure it's a valid integer.

And the code above should be:

_mint(msg.sender, 100_000_000 * 10 ** decimals()); // 100 million

Stay focused during the audit.