Missing Zero Amount Validation in Snowman.sol::mintSnowman
Root + Impact
Root: The mintSnowman function accepts an amount parameter without validating that it's greater than zero, allowing calls with zero amount that consume gas without minting any NFTs.
Impact: Users waste gas on meaningless transactions that execute successfully but mint no tokens, leading to poor user experience and unnecessary transaction costs.
Description
-
Normal Behavior: Minting functions should validate that the amount parameter is greater than zero to prevent wasteful operations that provide no value.
-
Specific Issue: Calling
mintSnowman(receiver, 0)will execute successfully, emit events, but mint zero NFTs, consuming gas for no purpose and potentially confusing monitoring systems.
Risk
Likelihood: Medium
-
Frontend bugs or integration errors could accidentally pass zero as the amount parameter
-
Users might mistakenly call the function with zero amount during testing or interaction
-
No validation exists to prevent these wasteful operations
Impact: Low
-
Gas Waste: Unnecessary gas consumption for operations that mint no tokens
-
Misleading Events:
SnowmanMintedevents may be emitted even when no actual minting occurs -
Poor User Experience: Users pay transaction fees without receiving any NFTs in return
Recommended Mitigation
Add validation for the amount parameter to prevent zero-amount minting operations.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.