Weather Witness

First Flight #40
Tags: Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: Medium
Valid

Economic Vulnerability: Unbounded Mint Price Escalation

Description

requestMintWeatherNFT enforces no maximum supply and no ceiling on s_currentMintPrice: every successful call raises the price by s_stepIncreasePerMint, so the mint price can grow without bound.

Risk

Severity: Medium
Likelihood: High

Summary

Each mint request increases the price by a fixed step with no upper bound, so a well-funded actor can push the price out of reach of ordinary users, an economic denial of service against the mint.

Vulnerability Details

Root Cause: the price step applied on every mint request is never bounded:

s_currentMintPrice += s_stepIncreasePerMint;

Attack Scenario:

  1. An attacker with sufficient funds submits many mint requests in quick succession. Because the price rises by one step per request, n requests cost n * initialPrice + step * n * (n - 1) / 2 in total; the attacker does receive the NFTs, so this is paid-for griefing rather than theft.

  2. Each request raises s_currentMintPrice by s_stepIncreasePerMint, and nothing ever lowers it.

  3. After enough requests the price is prohibitively expensive for anyone else.

  4. Regular users are priced out of participation for the lifetime of the contract.

Proof of Concept

// Test added to the project's Foundry test contract, where `weatherNft` is the
// deployed WeatherNft under test and `attacker` is a test address.
function testPriceManipulation() public {
    uint256 initialPrice = weatherNft.s_currentMintPrice();
    uint256 step = weatherNft.s_stepIncreasePerMint(); // assumes the variable has a public getter
    uint256 mints = 100;

    // Mint 100 NFTs to drive up the price. The price rises every iteration,
    // so the attacker must be funded for the *current* price, not the initial one.
    for (uint256 i = 0; i < mints; i++) {
        uint256 price = weatherNft.s_currentMintPrice();
        vm.deal(attacker, price);
        vm.prank(attacker);
        weatherNft.requestMintWeatherNFT{value: price}(
            "123456", // pincode
            "US",     // ISO country code
            false,    // do not register a keeper
            3600,     // heartbeat in seconds
            0         // no initial LINK deposit
        );
    }

    // After 100 requests the price has climbed by exactly 100 steps, and
    // nothing in the contract stops it from climbing further.
    assertEq(weatherNft.s_currentMintPrice(), initialPrice + mints * step);
    assertGt(weatherNft.s_currentMintPrice(), initialPrice);
}

Initial State: s_currentMintPrice equals the initial mint price set at deployment.

Step 1: The attacker submits mint requests in succession, paying the current price each time.
Step 2: Each request raises the price by s_stepIncreasePerMint.
Step 3: The price becomes prohibitively expensive for legitimate users and never comes back down.

Outcome: The attacker controls the mint price and denies service to other users.

Implications: The mint becomes inaccessible to regular users at a cost to the attacker that the contract does nothing to bound.

Impact

  • Economic denial of service against the mint

  • Mint price can be pushed arbitrarily high by anyone willing to pay the cumulative cost

  • Legitimate users are permanently excluded once the price exceeds what they can pay

Tools Used

  • Manual Review

Recommendations

Cap both the supply and the price. Enforce the checks in requestMintWeatherNFT before the price is advanced, and decide explicitly what happens at the ceiling: either revert (as below) or stop increasing the price once MAX_MINT_PRICE is reached so that minting remains possible at the capped price.

contract WeatherNft {
    uint256 public constant MAX_SUPPLY = 10000;
    uint256 public constant MAX_MINT_PRICE = 100 ether;

    function requestMintWeatherNFT(...) external payable returns (bytes32 _reqId) {
        // The bound must match how s_tokenCounter is initialised (starting at 0 or at 1).
        require(s_tokenCounter <= MAX_SUPPLY, "Max supply reached");
        require(s_currentMintPrice <= MAX_MINT_PRICE, "Max price reached");
        // ...existing code...
    }
}
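As an added, self-contained illustration of the recommended fix (not code from the Weather Witness repository): a minimal CappedMintLadder mock reproduces the s_currentMintPrice += s_stepIncreasePerMint bookkeeping, adds a supply cap and a price cap that saturates instead of reverting, and a Foundry test checks both behaviours. The contract name, the mint function, the custom errors and the constructor parameters are hypothetical; the numeric values in setUp are constructed for the test.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

/// Minimal stand-in for the mint-price bookkeeping in WeatherNft.
/// Added example, not project code: the contract name, `mint`, the errors and the
/// constructor arguments are hypothetical names chosen for this illustration.
contract CappedMintLadder {
    error InvalidAmountSent();
    error MaxSupplyReached();

    uint256 public immutable MAX_SUPPLY;
    uint256 public immutable MAX_MINT_PRICE;

    uint256 public s_currentMintPrice;
    uint256 public s_stepIncreasePerMint;
    uint256 public s_tokenCounter; // number of tokens minted so far

    constructor(uint256 initialPrice, uint256 step, uint256 maxSupply, uint256 maxPrice) {
        require(initialPrice <= maxPrice, "initial price above cap");
        s_currentMintPrice = initialPrice;
        s_stepIncreasePerMint = step;
        MAX_SUPPLY = maxSupply;
        MAX_MINT_PRICE = maxPrice;
    }

    function mint() external payable returns (uint256 tokenId) {
        // Supply cap checked first, before any state is advanced.
        if (s_tokenCounter >= MAX_SUPPLY) revert MaxSupplyReached();
        if (msg.value != s_currentMintPrice) revert InvalidAmountSent();

        tokenId = ++s_tokenCounter;

        // Saturating step: the price climbs until it reaches MAX_MINT_PRICE and
        // then stays there, so a mint never reverts only because the ladder
        // overshot the cap.
        uint256 next = s_currentMintPrice + s_stepIncreasePerMint;
        s_currentMintPrice = next > MAX_MINT_PRICE ? MAX_MINT_PRICE : next;
    }
}

contract CappedMintLadderTest is Test {
    CappedMintLadder ladder;
    address buyer = makeAddr("buyer");

    function setUp() public {
        // Constructed parameters: 0.1 ETH start, 0.05 ETH step, 10 tokens, 0.3 ETH price cap.
        ladder = new CappedMintLadder(0.1 ether, 0.05 ether, 10, 0.3 ether);
        vm.deal(buyer, 100 ether);
    }

    function _mintAtCurrentPrice() internal {
        vm.prank(buyer);
        ladder.mint{value: ladder.s_currentMintPrice()}();
    }

    function testPriceSaturatesAtCap() public {
        // 0.1 -> 0.15 -> 0.2 -> 0.25 -> 0.3 after four mints
        for (uint256 i = 0; i < 4; i++) _mintAtCurrentPrice();
        assertEq(ladder.s_currentMintPrice(), 0.3 ether);

        // A fifth mint at the cap leaves the price at the cap.
        _mintAtCurrentPrice();
        assertEq(ladder.s_currentMintPrice(), 0.3 ether, "price must not exceed cap");
    }

    function testSupplyCapStopsMinting() public {
        for (uint256 i = 0; i < 10; i++) _mintAtCurrentPrice();
        assertEq(ladder.s_tokenCounter(), 10);

        vm.prank(buyer);
        vm.expectRevert(CappedMintLadder.MaxSupplyReached.selector);
        ladder.mint{value: ladder.s_currentMintPrice()}();
    }

    function testWrongValueReverts() public {
        vm.prank(buyer);
        vm.expectRevert(CappedMintLadder.InvalidAmountSent.selector);
        ladder.mint{value: 0.1 ether - 1}();
    }
}
```

Run with `forge test` in a project that has forge-std installed. The saturating variant is the friendlier choice for an NFT mint: a hard `require(s_currentMintPrice <= MAX_MINT_PRICE)` stops all minting once the ceiling is crossed, whereas saturation keeps the mint open at a known maximum price while still bounding the damage an escalation attack can do.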
Updates

Appeal created

bube (Lead Judge), 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

The price of the token is increased before the token is minted
