Looking for someone to check my smart contract

Just created a smart contract and I'm looking for someone to check if everything is okay.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts/access/Ownable.sol";

contract MyToken is ERC20, Ownable {

    address public creatorAddress = ;

    uint256 public price = 0.01 ether;

    constructor() ERC20("MyToken", "MTK") {
        _mint(msg.sender, 1000000 * 10 ** decimals());
    }

    function mint() public payable {
        _mint(msg.sender, 1000);
        require(msg.value >= price);
        payable(creatorAddress).transfer(msg.value);
    }
}

Basically anyone can mint 1000 tokens, and you pay 0.01 ETH for the mint to the creator address.
I will implement the total supply later, or ERC20 capped.

Hi,

A couple of things:

  • You inherit Ownable but never actually use it; none of the functions use the onlyOwner modifier.

  • You mint the token before verifying if the user can pay for it.


Thank you, Julissa!

Will change it in a moment.

Regarding the second point, minting before checking whether the user has sent ether does not matter, since it's expected to revert in line 2 if the user has sent less ether, and the previous operation is reverted.
However, in case of a revert, the user needs to pay gas for the mint, and hence it's better to add the revert check earlier.


Hey @kapitankot,
The token is an ERC20 OZ contract, so it has 18 decimals automatically. You can edit your constructor without the decimals() function as:

constructor() ERC20("MyToken", "MTK") {
    _mint(msg.sender, 1000000);
}

Also, I assume the state variable creatorAddress is yours. This variable is also redundant, since the OZ ERC20 library gives you the ownership at the time of the contract creation on msg.sender.
Last thing, there is no withdraw function in the contract. You may want to decorate the _transfer function of the ERC20 library to authorize the withdrawals.
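
The points raised in the replies above, put together as an added example that is not part of the original thread: payment is checked before minting, the inherited Ownable is used for an owner-only withdrawal, and the mint amount is scaled to whole tokens. The contract name MyTokenReviewed, the TOKENS_PER_MINT constant, the Withdrawn event, setPrice and the pull-style withdraw() are assumptions, as is the use of OpenZeppelin Contracts 4.x.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Assumes OpenZeppelin Contracts 4.x, matching the thread's imports
// (in 5.x the Ownable constructor takes an initial owner argument).
import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts/access/Ownable.sol";

contract MyTokenReviewed is ERC20, Ownable {
    uint256 public price = 0.01 ether;
    // _mint counts base units, so whole tokens are scaled by 10 ** 18
    // (the default decimals() of OpenZeppelin's ERC20).
    uint256 public constant TOKENS_PER_MINT = 1000 * 10 ** 18;

    event Withdrawn(address indexed to, uint256 amount);

    constructor() ERC20("MyToken", "MTK") {
        _mint(msg.sender, 1000000 * 10 ** decimals());
    }

    // Payment is checked before any state change, so an underpaying
    // caller reverts before paying gas for the mint.
    function mint() external payable {
        require(msg.value >= price, "MyToken: insufficient payment");
        _mint(msg.sender, TOKENS_PER_MINT);
    }

    // Ether stays in the contract until the owner pulls it out; this is
    // where the inherited onlyOwner modifier is actually used.
    function withdraw() external onlyOwner {
        uint256 amount = address(this).balance;
        (bool ok, ) = payable(owner()).call{value: amount}("");
        require(ok, "MyToken: withdraw failed");
        emit Withdrawn(owner(), amount);
    }

    // Hypothetical owner-only setter, added to show a second use of onlyOwner.
    function setPrice(uint256 newPrice) external onlyOwner {
        price = newPrice;
    }
}
```

As in the original mint(), any ether sent above price is kept rather than refunded.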