Frontrunning risk due to shared mutable `s_currentMintPrice` state
Root + Impact
Description
The s_currentMintPrice variable is used to validate the user’s payment with:
-
Immediately after this check,
s_currentMintPriceis incremented bys_stepIncreasePerMint, creating a shared mutable state that changes every time the function is called. This allows a frontrunning scenario where:1. A user reads
s_currentMintPriceoff-chain and prepares a transaction withmsg.value == s_currentMintPrice.2. Another user submits a transaction that gets mined first and increments the mint price.
3. The first user's transaction reverts because msg.value is now lower than the updated price.
-
This race condition makes it difficult for users to reliably mint unless they monopolize block space or overpay for priority.
-
Also, one user's mint will increase price for others, which promotes the "early user subsidy".
Risk
Likelihood:
The state update occurs per call and is easily predictable and exploitable by frontrunners.
Impact:
Can cause failed user transactions, wasted gas, and poor UX. Potentially exploitable by bots to deny access or extract MEV
Recommended Mitigation
A simple fix would be to store the mint price per user before they mint
Appeal created
The price of the token is increased before the token is minted
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.