Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

`currentBatchSize` is Not Used in mint() which can lead to DoS using dust amounts

0x15_eth

Summary

The RAACNFT contract contains a batch system for minting NFTs, controlled by currentBatchSize:

uint256 public currentBatchSize = 3;

However, in the mint() function, this variable is not checked before minting:

function mint(uint256 _tokenId, uint256 _amount) public override {
uint256 price = raac_hp.tokenToHousePrice(_tokenId);
if(price == 0) { revert RAACNFT__HousePrice(); }
if(price > _amount) { revert RAACNFT__InsufficientFundsMint(); }
// transfer erc20 from user to contract - requires pre-approval from user
token.safeTransferFrom(msg.sender, address(this), _amount);
// mint tokenId to user
_safeMint(msg.sender, _tokenId);
// If user approved more than necessary, refund the difference
if (_amount > price) {
uint256 refundAmount = _amount - price;
token.safeTransfer(msg.sender, refundAmount);
}
emit NFTMinted(msg.sender, _tokenId, price);
}

There is no check on currentBatchSize, meaning infinite NFTs can be minted in a single transaction if no external controls are in place. A malicious user could mint an excessive number of NFTs using dust amounts, spamming storage and clogging the contract.

Impact

An attacker can repeatedly call mint() with dust amounts which could increase block gas limits and lead to DoS for legitimate users

Tools Used

Manual review

Recommendations

Enforce currentBatchSize in mint(). This prevents unlimited minting beyond the currentBatchSize

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!