Treat cost can change between `trickOrTreat` and `resolveTrick` function calls leading to inconsistent treat costs for trick case.
Treat cost can change between trickOrTreat and resolveTrick function calls leading to inconsistent treat costs for trick case.
Description:
When calling the trickOrTreat function, if the user is tricked for 2x treat cost and sent funds are not sufficient, then the NFT is minted and set as pending till remainder cost is transferred. However, the user can wait for the actual treat cost to be updated, and choose to call resolveTrick at a favourable time to get a cheaper price for the treat.
Impact:
User can keep the trick NFT in pending state and wait for a suitable time to complete the purchase, which leads to owner getting less fees than intended.
Recommended Mitigation:
An additional mapping can be used to store the cost of the treat at the time trickOrTreat function is called, which can be used as reference when user calls resolveTrick at a later time.
Appeal created
[invalid] Change cost between the call of trickOrTreat and resolveTrick
Only the owner has the rights to change the cost of the treat. Therefore it is assumed that the owner will not change the cost of the pending NFTs. The owner role is trusted.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.