Beginner FriendlyFoundryNFT
100 EXP
Submission Details
Severity: high
Invalid

Users can mint an unlimited number of NFTs

Summary

The mintRapper() function in oneShot.sol allows users to mint an unlimited number of NFTs. Users can exploit this to stake large NFT armies, earn cred tokens, and increase their odds of winning battles.

Vulnerability Details

The mintRapper() function has no limit checks on total supply or on the calling account, so an attacker can mint endless NFTs simply by calling it repeatedly.

Attackers could then stake these via stake(uint256 tokenId) in streets.sol, earning 4 credits per NFT.

With a large number of staked NFTs, winning goToBattle() becomes almost guaranteed.

Proof of Code

// Foundry test: a single account mints 1000 rappers with no revert.
function testUnlimitedMinting() public {
    address testUser = makeAddr("Attacker");
    vm.startPrank(testUser); // all following calls are sent from testUser
    for (uint256 i = 0; i < 1000; i++) {
        oneShot.mintRapper(); // no supply or per-address check stops this
    }
    vm.stopPrank();
    // Token ids are sequential, so the 1000th mint produced id 999.
    assert(oneShot.ownerOf(999) == testUser);
}

Impact

Inflation of staking reward credits

Manipulation of goOnStageOrBattle(uint256 _tokenId, uint256 _credBet) outcomes

Destabilized game economics

Tools Used

Manual Review

Recommendations

Introduce:

Per address mint limits

Cooldowns to control minting pace

Reasonable credit mints based on normal NFT volumes

Capping exploitable areas preserves balanced game dynamics and reliability of the battles system.
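The following is an added illustration of the recommended controls, not code from the One Shot contest: a hypothetical mint function with an assumed supply cap, per-address limit and cooldown, with state updated before the external receiver callback in _safeMint so the counters cannot be bypassed by reentering.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";

/// Hypothetical hardened mint; constants below are assumed values, not the contest's.
contract RateLimitedRapper is ERC721 {
    uint256 public constant MAX_SUPPLY = 10_000;     // assumed global cap
    uint256 public constant MAX_PER_ADDRESS = 5;     // assumed per-address cap
    uint256 public constant MINT_COOLDOWN = 1 days;  // assumed pacing interval

    uint256 private _tokenCounter;
    mapping(address => uint256) public mintedBy;   // lifetime mints per address
    mapping(address => uint256) public lastMintAt; // timestamp of last mint per address

    error SupplyExhausted();
    error MintLimitReached(address minter);
    error MintCooldownActive(address minter, uint256 readyAt);

    constructor() ERC721("Rapper", "RPR") {}

    function mintRapper() external {
        if (_tokenCounter >= MAX_SUPPLY) revert SupplyExhausted();
        if (mintedBy[msg.sender] >= MAX_PER_ADDRESS) revert MintLimitReached(msg.sender);

        uint256 readyAt = lastMintAt[msg.sender] + MINT_COOLDOWN;
        if (lastMintAt[msg.sender] != 0 && block.timestamp < readyAt) {
            revert MintCooldownActive(msg.sender, readyAt);
        }

        // Effects first: _safeMint calls onERC721Received on contract recipients,
        // so the limits must already be recorded before that external call.
        mintedBy[msg.sender] += 1;
        lastMintAt[msg.sender] = block.timestamp;
        uint256 tokenId = _tokenCounter++;

        _safeMint(msg.sender, tokenId);
    }
}
```

A per-address cap alone is still circumvented by spreading mints over many fresh EOAs, so the global cap and the cooldown are what bound total issuance; the per-address limit mainly raises the cost of doing so.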

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
