A critical vulnerability was identified in the contract deployed on Layer 2 (L2), where the payload size for token transfers
is not adequately checked. This flaw can result in the inability to mint tokens if a large number of tokens are sent as a payload.
This unchecked payload size may lead to the failure of the contract to handle the transaction correctly,
potentially causing a significant disruption in token distribution and financial losses for users.
The vulnerability arises from the lack of validation on the size of the payload sent to the minting function on L2.
When a large payload containing multiple tokens is sent, the contract fails to manage this data properly due to the unchecked size.
As a result, the minting function may not execute as expected, leading to the failure of the token minting process.
This issue typically occurs when the minting function does not enforce a limit on the size of the payload, allowing an excessive number
of tokens to be processed simultaneously. The transaction then runs out of gas and fails.
POC:
NFTs will be stuck and not minted because the minting transaction runs out of gas.
Implement Payload Size Checks:
Introduce validation logic to ensure that the payload size is within acceptable limits before processing it in the minting function.
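The failure mode and the recommended check, as an added Python model that is not the audited contract's code. The gas figures, the limit derived from them, and every name in the block (`L2Collection`, `mint_unchecked`, `mint_checked`, `split_payload`) are assumptions made for illustration.

```python
# Added illustration, not the audited contract: a constructed model of the L2 mint path.
# All gas figures and names below are assumptions chosen for the example.
GAS_LIMIT = 1_000_000     # assumed gas budget of one L2 transaction
BASE_GAS = 50_000         # assumed fixed cost of handling one bridge message
GAS_PER_MINT = 30_000     # assumed cost of minting one token
# Largest batch that fits the budget: (1_000_000 - 50_000) // 30_000 = 31
MAX_TOKENS_PER_MESSAGE = (GAS_LIMIT - BASE_GAS) // GAS_PER_MINT


class OutOfGas(Exception):
    """The transaction exhausted its gas; every state change is reverted."""


class PayloadTooLarge(Exception):
    """The payload was rejected up front by the size check."""


class L2Collection:
    def __init__(self):
        self.owners = {}  # token_id -> owner

    def _mint_batch(self, to, token_ids):
        gas = GAS_LIMIT - BASE_GAS
        pending = {}  # committed only if the whole loop fits in the budget
        for token_id in token_ids:
            gas -= GAS_PER_MINT
            if gas < 0:
                raise OutOfGas(f"ran out of gas after {len(pending)} mints")
            pending[token_id] = to
        self.owners.update(pending)
        return len(pending)

    def mint_unchecked(self, to, token_ids):
        # Flawed behaviour described above: payload length is never validated.
        return self._mint_batch(to, token_ids)

    def mint_checked(self, to, token_ids):
        # Recommended behaviour: bound the payload before doing any work.
        if not 0 < len(token_ids) <= MAX_TOKENS_PER_MESSAGE:
            raise PayloadTooLarge(f"{len(token_ids)} tokens, limit is {MAX_TOKENS_PER_MESSAGE}")
        return self._mint_batch(to, token_ids)


def split_payload(token_ids, limit=MAX_TOKENS_PER_MESSAGE):
    """Sender-side helper: chunk a transfer so each message stays within the limit."""
    return [token_ids[i:i + limit] for i in range(0, len(token_ids), limit)]
```

In a real contract the limit would be derived from the measured gas cost of one mint and the chain's transaction gas limit, not from the constants assumed here.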