Eggstravaganza

First Flight #37
Beginner Friendly · Solidity
100 EXP
Submission Details
Severity: medium
Valid

Unbounded Minting

Summary

The EggHuntGame.sol contract allows participants to mint egg NFTs by calling the searchForEgg() function. However, there are no limits on how many times a user can call this function, and no overall cap on the number of NFTs that can be minted. This introduces a vulnerability where an attacker can mint a large number of NFTs in a short period of time, leading to inflation and undermining the value and rarity of the assets.

Vulnerability Details

The searchForEgg() function allows any user to attempt to find and mint an egg NFT during an active game session. The only gating mechanism is a configurable probability (eggFindThreshold), which defaults to 20%. However, the function can be called repeatedly in a tight loop by the same user without restriction.

The contract does not:

  • Enforce any rate-limiting per user.

  • Set a maximum number of eggs that can be minted globally or per session.

  • Implement cooldowns, costs, or anti-bot protections.

With eggFindThreshold set to 100% and searchForEgg() called in a tight loop, an attacker can reliably mint an unbounded number of eggs.

PoC

// Foundry test; `game` (the deployed EggHuntGame) and `alice` (a test address)
// are fixtures created in the test contract's setUp().
function testUnboundedMinting() public {
    game.startGame(600);            // Start a game session lasting 10 minutes
    game.setEggFindThreshold(100);  // Set egg chance to 100% so every search mints
    vm.startPrank(alice);           // Simulate the attacker
    for (uint256 i = 0; i < 50; i++) {
        game.searchForEgg();        // No cooldown, cap, or cost stops the loop
    }
    vm.stopPrank();
    uint256 totalEggsMinted = game.eggCounter();
    assertEq(totalEggsMinted, 50, "Unbounded minting confirmed");
}

Output

[PASS] testUnboundedMinting() (gas: 1706791)

This demonstrates that the user was able to mint 50 NFTs in a single transaction sequence, confirming the contract’s vulnerability to rapid inflation.

Impact

  • NFT Supply Inflation: Unlimited egg minting undermines the intended rarity of NFTs.

  • Economic Exploitation: Attackers can flood the vault or secondary markets with eggs.

  • Loss of Trust: If users perceive the game as abusable or unfair, they may stop participating.

  • System Abuse: Bots or scripts can repeatedly call the function to mint thousands of NFTs.

Tools Used

Foundry

Recommendations

To address the issue, consider implementing one or more of the following:

  1. Mint Cap per Player: Limit how many eggs each address can mint per game session.

  2. Global Supply Cap: Set a hard cap on the total number of eggs that can exist.

  3. Cooldown Periods: Enforce a delay (e.g. 30 seconds) between searchForEgg() calls per user.

  4. Dynamic Difficulty: Reduce eggFindThreshold as more eggs are minted, to slow inflation.

  5. Require Payment or Staking: Make users pay a small fee or stake tokens to search, deterring spam.
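The following is an added illustration of how recommendations 1 through 4 fit together in a single searchForEgg() guard; it is not the project's code and is not part of the original finding. Game timing, randomness and NFT minting are left as abstract hooks (_gameActive, _randomPercent, _mintEgg) because the page does not show EggHuntGame's internals, and the cap and cooldown values are assumed for illustration only.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example (not the audited contract): rate-limited egg searching.
/// Hook functions and constant values are assumptions for illustration.
abstract contract RateLimitedEggHunt {
    uint256 public constant MAX_EGGS_PER_PLAYER = 5;   // per game session (assumed value)
    uint256 public constant MAX_TOTAL_EGGS = 1_000;    // hard global cap (assumed value)
    uint256 public constant SEARCH_COOLDOWN = 30;      // seconds between searches per address

    uint256 public eggCounter;            // total eggs minted (same name as on the page)
    uint256 public eggFindThreshold = 20; // percent chance per search (page default)
    uint256 public currentGameId;         // incremented by the game's start logic so per-player caps reset each session

    // gameId => player => eggs found in that session
    mapping(uint256 => mapping(address => uint256)) public eggsFound;
    // player => timestamp of last searchForEgg() call
    mapping(address => uint256) public lastSearchAt;

    error GameNotActive();
    error SearchCooldownActive(uint256 readyAt);
    error PlayerMintCapReached(uint256 cap);
    error GlobalMintCapReached(uint256 cap);

    // Hypothetical hooks standing in for EggHuntGame internals.
    function _gameActive() internal view virtual returns (bool);
    function _randomPercent() internal virtual returns (uint256); // expected range 0..99
    function _mintEgg(address to, uint256 tokenId) internal virtual;

    function searchForEgg() external {
        if (!_gameActive()) revert GameNotActive();

        // (3) Cooldown: one search per address per SEARCH_COOLDOWN seconds,
        // charged whether or not an egg is found, so a tight loop reverts on call two.
        uint256 readyAt = lastSearchAt[msg.sender] + SEARCH_COOLDOWN;
        if (block.timestamp < readyAt) revert SearchCooldownActive(readyAt);
        lastSearchAt[msg.sender] = block.timestamp;

        // (1) Per-player cap for the current session.
        if (eggsFound[currentGameId][msg.sender] >= MAX_EGGS_PER_PLAYER) {
            revert PlayerMintCapReached(MAX_EGGS_PER_PLAYER);
        }

        // (2) Global supply cap, checked before the roll so no mint can exceed it.
        if (eggCounter >= MAX_TOTAL_EGGS) revert GlobalMintCapReached(MAX_TOTAL_EGGS);

        // (4) Dynamic difficulty: halve the find chance once half the supply exists.
        uint256 effectiveThreshold = eggCounter * 2 >= MAX_TOTAL_EGGS
            ? eggFindThreshold / 2
            : eggFindThreshold;

        if (_randomPercent() < effectiveThreshold) {
            eggCounter++;
            eggsFound[currentGameId][msg.sender]++;
            _mintEgg(msg.sender, eggCounter);
        }
    }
}
```

Against this guard the loop in the PoC above reverts with SearchCooldownActive on its second iteration, and even a patient caller is bounded by MAX_EGGS_PER_PLAYER per session and MAX_TOTAL_EGGS overall. Note that the cooldown and per-player cap are keyed on msg.sender, so an attacker with many addresses can still work around them; the global cap and recommendation 5 (a fee or stake per search) are the controls that hold regardless of how many addresses are used.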

Updates

Lead Judging Commences

m3dython (Lead Judge), 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

No rate limiting

Contract lacks any cooldown mechanism, search limits, or costs in the searchForEgg() function

Appeal created

Appeal discussion (comment bodies not shown on this page), 5 months ago: mishoko (Auditor), m3dython (Lead Judge), farismaulana (Auditor), m3dython (Lead Judge)