Unbounded NFT Minting Can Lead to DoS (Unrestricted Loop + Gas Exhaustion) in `Snowman.sol::mintSnowman()` funtion
The `Snowman.sol::mintSnowman()` function allows any external caller to mint any number of NFTs by specifying an arbitrary amount without upper limits or access control. The function uses a for loop to mint each NFT, which becomes increasingly gas-expensive as amount grows.
Impact:
A malicious user can call `mintSnowman()` with a very large amount (e.g., 1_000_000). This will either: Consume excessive gas and revert, causing DoS by exhausting block gas limits. If allowed, bloat the state with excessive NFTs and increase the gas cost of interacting with this contract. This can deny access to other users or crash frontends due to unreasonably large token lists or slow responses.
Proof of Concept:
past the following code in you `TestSnowman.t.sol`
Expected consequences: Transaction fails due to block gas limit. Or succeeds, bloating storage and increasing gas cost of functions like `tokenURI()` and `getTokenCounter()`. Future calls by others could fail due to gas exhaustion or run into degraded performance.
Recommended Mitigation
Add a maximum minting limit per transaction:
Lead Judging Commences
Unrestricted NFT mint function
The mint function of the Snowman contract is unprotected. Hence, anyone can call it and mint NFTs without necessarily partaking in the airdrop.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.