I just realized something curious while writing ERC-20 tests: I used the OpenZeppelin contract wizard with Mintable/Burnable and Roles features (see screenshot below), and it looks like the burn() method is not protected by default.
This means anyone could burn their own tokens if they wanted to. Now I have questions:
- Is this standard and considered normal practice?
- A major holder of a given token could hypothetically decrease supply substantially if he decided to burn his tokens, wouldn't it be problematic?
- AFAIK DEXes and other services may sometimes need to mint/burn tokens temporarily. How do these things work in practice?
- Would it break the proper functioning of the token if the burn function were to be protected by an onlyRole(MINTER_ROLE) modifier?
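
For reference, a sketch of the role-restricted variant the last question describes, added here as an example and not part of the original post or the wizard's output. It assumes OpenZeppelin Contracts 5.x import paths and signatures; the contract name `RestrictedBurnToken` and the token name/symbol are placeholders.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumption: OpenZeppelin Contracts 5.x layout and function signatures.
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {ERC20Burnable} from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Burnable.sol";
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";

// Hypothetical contract name; "MyToken"/"MTK" are placeholders.
contract RestrictedBurnToken is ERC20, ERC20Burnable, AccessControl {
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");

    constructor(address defaultAdmin, address minter) ERC20("MyToken", "MTK") {
        _grantRole(DEFAULT_ADMIN_ROLE, defaultAdmin);
        _grantRole(MINTER_ROLE, minter);
    }

    // Minting is role-gated, as in the Mintable + Roles configuration.
    function mint(address to, uint256 amount) public onlyRole(MINTER_ROLE) {
        _mint(to, amount);
    }

    // ERC20Burnable.burn is public with no access modifier: it destroys
    // `value` tokens from the caller's own balance. This override adds the
    // role check. The tokens burned are still the caller's own, so a minter
    // can only burn what the minter address itself holds.
    function burn(uint256 value) public override onlyRole(MINTER_ROLE) {
        super.burn(value);
    }

    // burnFrom must be gated as well. It burns from `account` using the
    // caller's allowance, so with only burn() restricted a holder could
    // approve their own address and burn through burnFrom(self, value).
    function burnFrom(address account, uint256 value)
        public
        override
        onlyRole(MINTER_ROLE)
    {
        super.burnFrom(account, value);
    }
}
```

The EIP-20 interface itself defines no burn function, so these overrides leave `transfer`, `approve`, `transferFrom` and the other standard functions unchanged.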