Submission Details
Severity:
No Maximum Supply Limit and Potential TokenCounter Overflow
Summary
The contract lacks a maximum supply limit and has no protection against tokenCounter overflow, which could lead to system failure.
Vulnerability Details
function donate(address charity) public payable {
// ...
_mint(msg.sender, tokenCounter);
// ...
tokenCounter += 1; // No max supply check, no overflow protection
}
Test proving vulnerability:
function testTokenCounterOverflow() public {
// Set tokenCounter to max value
vm.store(
address(charityContract),
bytes32(uint256(2)), // tokenCounter slot
bytes32(type(uint256).max)
);
// Setup charity
vm.startPrank(admin);
registryContract.registerCharity(charity);
registryContract.verifyCharity(charity);
vm.stopPrank();
// Attempt to mint reverts due to overflow
vm.expectRevert();
charityContract.donate{value: 1 ether}(charity);
}
Impact
LOW:
No maximum supply control
Potential DoS when counter reaches max value
Possible system lockout at uint256.max
Tools Used
Manual code review
Foundry testing framework
Custom overflow test with vm.store
Slot storage manipulation
Recommendations
contract GivingThanks is ERC721URIStorage {
uint256 public constant MAX_SUPPLY = 1000000;
function donate(address charity) public payable {
require(tokenCounter < MAX_SUPPLY, "Max supply reached");
// ... rest of function
}
}
Rewards breakdown
nSLOC
67This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.