Introduction
Like most things in security, the answer is "it depends." However, I'd lean towards "yes, this will likely cause issues."
Issues internally
Heading over to Solodit we can see a LOT of issues arise by just searching for issues with totalSupply
. These issues can come up depending on a multitude of factors:
- Total Supply affecting reward payout
- Total Supply being used in rebase calculations
- Total Supply being used for insert anything here
Issues externally
Now, maybe you don't use the total supply anywhere else internally, and it's just "a vanity metric." By doing so, your token technically no longer follows the ERC 20 Token Standard because you've now broken an invariant of the ERC20.
- The
totalSupply
function must return the sum of all account balances.
By doing so, you'll exclude your token from being compatible with many other dapps in the web3 ecosystem, and your token will be added to the list of weird ERC20s that have incompatibilities and issues if used in web3 apps like Aave, Uniswap, etc.
You could of course, "not care" but it would seem odd to me to build a token just to have it not work with the rest of DeFi.
Summary
Technically, suppose your totalSupply
doesn't reflect the totalSupply. In that case, your ERC20 is technically no longer an ERC20, and should be excluded from integration with DeFi applications because this could cause unintended side effects of those protocols.
And finally, yes, this could (and likely does) cause issues inside your protocol as well, because its quite likely your rebasing token uses the totalSupply
in some type of internal calculation.
And finally, if you're concerned, please contact a security specialist to conduct a security review or smart contract audit.
totalSupply
there's no attack risk ...