Snowman Merkle Airdrop

First Flight #42
Submission Details
Impact: high
Likelihood: high
Invalid

Unbounded loop in `mintSnowman` leads to potential Denial of Service (DoS)

Root + Impact

Description

The `Snow::mintSnowman` function contains an unbounded `for` loop that mints NFTs one at a time based on the `amount` parameter.

Since `amount` is not capped, the caller can pass in a very large value, causing the transaction to exceed the block gas limit. This results in a failed transaction and prevents minting for all users under similar conditions.

Risk

Likelihood: High
Impact: High

  • High likelihood because the function accepts an unbounded user-defined parameter.

  • High impact as it can cause Denial of Service, making minting fail consistently for valid users due to excessive gas usage.

Proof of Concept

```solidity
// Example call that causes the transaction to run out of gas
snowman.mintSnowman(attacker, 1000000); // Extremely large number
```

This results in a gas exhaustion error and reverts the transaction, making it impossible to mint that many tokens in a single transaction.

Recommended Mitigation

Impose a reasonable upper bound on the `amount` parameter to prevent abuse and unintentional failures.

```solidity
uint256 constant MAX_MINT_BATCH = 100;

function mintSnowman(address receiver, uint256 amount) external {
    // Reject zero and oversized batches before touching storage
    require(amount > 0 && amount <= MAX_MINT_BATCH, "Invalid mint amount");
    for (uint256 i = 0; i < amount; i++) {
        _safeMint(receiver, s_TokenCounter);
        emit SnowmanMinted(receiver, s_TokenCounter);
        s_TokenCounter++;
    }
}
```

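A Foundry test for the bound, added here as an example rather than code from the submission or the Snowman project. It assumes `Snow` lives at `src/Snow.sol` with a no-argument constructor, exposes the mitigated `mintSnowman` and an ERC721 `balanceOf`, and that `MAX_MINT_BATCH` is 100; the gas ceiling is a constructed conservative figure, not a value from the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
// Assumed path and constructor; adjust to the actual Snow contract.
import {Snow} from "../src/Snow.sol";

contract SnowMintBatchBoundTest is Test {
    // Assumed to match the constant in the mitigated contract.
    uint256 constant MAX_MINT_BATCH = 100;
    // Constructed ceiling, well below a typical block gas limit.
    uint256 constant MAX_BATCH_GAS = 10_000_000;

    Snow internal snow;
    address internal alice = makeAddr("alice");

    function setUp() public {
        snow = new Snow(); // assumes a no-argument constructor
    }

    // A full batch must succeed and stay well within one block's gas.
    function test_maxBatchMintsWithinGasBudget() public {
        uint256 gasBefore = gasleft();
        snow.mintSnowman(alice, MAX_MINT_BATCH);
        uint256 gasUsed = gasBefore - gasleft();

        assertEq(snow.balanceOf(alice), MAX_MINT_BATCH);
        assertLt(gasUsed, MAX_BATCH_GAS);
    }

    // The oversized value from the PoC now fails fast with a clear reason
    // instead of looping until the block gas limit is hit.
    function test_oversizedBatchRevertsBeforeLooping() public {
        vm.expectRevert(bytes("Invalid mint amount"));
        snow.mintSnowman(alice, 1_000_000);
    }

    // Every amount either passes the bound check and mints exactly that
    // many tokens, or is rejected up front; there is no third outcome.
    function testFuzz_amountIsBounded(uint256 amount) public {
        if (amount == 0 || amount > MAX_MINT_BATCH) {
            vm.expectRevert(bytes("Invalid mint amount"));
            snow.mintSnowman(alice, amount);
        } else {
            snow.mintSnowman(alice, amount);
            assertEq(snow.balanceOf(alice), amount);
        }
    }
}
```

Run with `forge test --match-contract SnowMintBatchBoundTest -vv`; the measured gas for the full batch is printed only if you add a `console.log`, but the assertion alone is enough to catch a regression that re-opens the unbounded loop.
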
Updates

Lead Judging Commences

yeahchibyke Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
