Weather Witness

First Flight #40

Beginner FriendlyFoundrySolidityNFT

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Unbounded Price Inflation Vulnerability

elyas6126

Root + Impact

The NFT mint price increases with every mint without an upper limit, eventually making the NFT economically inaccessible to users. This undermines the long-term utility of the contract as the price will grow to unreasonable levels over time.

Description

Normal behavior: Each successful NFT mint increases the price by a small fixed amount (s_stepIncreasePerMint), creating a demand-based pricing curve.
Issue: There is no maximum cap on how high the price can go. Over time, as more NFTs are minted, the price will continuously rise until it becomes economically unreasonable for the utility provided by a weather NFT.

function requestMintWeatherNFT(

// parameters

) external payable returns (bytes32 _reqId) {

require(msg.value == s_currentMintPrice, WeatherNft__InvalidAmountSent());

@> s_currentMintPrice += s_stepIncreasePerMint;

// Rest of function...

}

Risk

Likelihood:

The price inflation is cumulative and guaranteed to occur with each successful mint
No mechanism exists to decrease the price or reset it over time

Impact:

Eventually the price becomes prohibitively expensive, making the NFT inaccessible to new users
The contract's utility becomes effectively disabled for most users when the cost exceeds the reasonable value of the service

Proof of Concept

The calculation shows how mint price becomes unreasonable over time: after 10,000 mints, price reaches 10.01 ETH (~$25000), making the weather NFT economically inaccessible to most users.

// Assume starting price of 0.01 ETH and step increase of 0.001 ETH

// After 1,000 mints: 0.01 + (0.001 * 1000) = 1.01 ETH

// After 10,000 mints: 0.01 + (0.001 * 10000) = 10.01 ETH

// After 100,000 mints: 0.01 + (0.001 * 100000) = 100.01 ETH

function test_demonstrateUnboundedPriceGrowth() public {

uint256 initialPrice = 0.01 ether;

uint256 stepIncrease = 0.001 ether;

uint256 numberOfMints = 1000;

uint256 finalPrice = initialPrice + (stepIncrease * numberOfMints);

// finalPrice would be 1.01 ETH

// At current ETH prices (~$2500), the NFT would cost $2525

// Far exceeding reasonable value for a weather data NFT

}

Recommended Mitigation

Adds a maximum price cap to prevent runaway inflation while preserving the demand-based pricing mechanism, ensuring the NFT remains accessible long-term.

// Add a maximum price cap

+ uint256 public s_maxMintPrice;

// In constructor

+ s_maxMintPrice = 0.1 ether; // Set a reasonable maximum price

// In requestMintWeatherNFT function

require(msg.value == s_currentMintPrice, WeatherNft__InvalidAmountSent());

- s_currentMintPrice += s_stepIncreasePerMint;

+ // Only increase price if below maximum

+ if (s_currentMintPrice + s_stepIncreasePerMint <= s_maxMintPrice) {

+ s_currentMintPrice += s_stepIncreasePerMint;

+ }

Updates

Appeal created

bube Lead Judge 5 months ago

Submission Judgement Published

Validated

Assigned finding tags:

The price of the token is increased before the token is minted

Rewards breakdown

nSLOC

236

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.