Snowman Merkle Airdrop

First Flight #42
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: high
Valid

Unbounded mints of Snowman

Root + Impact

Description

  • Snowman should be minted during the airdrop on SnowmanAirdrop.sol

  • Current implementation allows anyone to mint unlimited Snowman due to a lack of access control

    //@> function mintSnowman(address receiver, uint256 amount) external {
        for (uint256 i = 0; i < amount; i++) {
            _safeMint(receiver, s_TokenCounter);
            emit SnowmanMinted(receiver, s_TokenCounter);
            s_TokenCounter++;
        }
    }

Risk

Likelihood:

  • Anyone who knows about this vulnerability can mint an unlimited amount of Snowman

  • Users can easily discover this vulnerability simply by calling the function

Impact:

  • Inflation of the NFT supply, effectively destroying the value of the whole airdrop

Proof of Concept

  1. Add access control to the mint function via Ownable (already inherited)

  2. Ensure that SnowmanAirdrop.sol is the owner of Snowman.sol

Considerations: alternatively, another form of access control (not Ownable) can be implemented, by adding a custom check against the SnowmanAirdrop address, or by using AccessControl
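As an added regression test for steps 1 and 2 (this is example code, not the Snowman project's own): a minimal stand-in for Snowman.sol with the onlyOwner fix, whose owner is set to an address standing in for SnowmanAirdrop, and Foundry tests showing that a stranger's mint reverts while the airdrop address can still mint. It assumes OpenZeppelin v5 (Ownable takes an initial owner and reverts with OwnableUnauthorizedAccount) and forge-std.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

// Constructed stand-in for Snowman.sol (not the project's code): the mint
// function is restricted to the owner, which deployment is assumed to set
// to the SnowmanAirdrop contract (step 2 of the finding).
contract SnowmanFixed is ERC721, Ownable {
    uint256 private s_TokenCounter;

    event SnowmanMinted(address indexed receiver, uint256 indexed tokenId);

    constructor(address initialOwner) ERC721("Snowman", "SNOW") Ownable(initialOwner) {}

    function mintSnowman(address receiver, uint256 amount) external onlyOwner {
        for (uint256 i = 0; i < amount; i++) {
            _safeMint(receiver, s_TokenCounter);
            emit SnowmanMinted(receiver, s_TokenCounter);
            s_TokenCounter++;
        }
    }
}

contract SnowmanMintAccessTest is Test {
    SnowmanFixed snowman;
    address airdrop = makeAddr("airdrop");   // plays the role of SnowmanAirdrop
    address stranger = makeAddr("stranger"); // any unrelated caller

    function setUp() public {
        snowman = new SnowmanFixed(airdrop);
    }

    // Before the fix this call succeeded for anyone; after it, only the owner may mint.
    function test_strangerCannotMint() public {
        vm.prank(stranger);
        vm.expectRevert(abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, stranger));
        snowman.mintSnowman(stranger, 1_000_000);
    }

    // The airdrop contract (owner) keeps its ability to mint for legitimate claims.
    function test_airdropCanMint() public {
        vm.prank(airdrop);
        snowman.mintSnowman(stranger, 2);
        assertEq(snowman.balanceOf(stranger), 2);
    }
}
```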

Recommended Mitigation

Add the onlyOwner modifier to mintSnowman

- function mintSnowman(address receiver, uint256 amount) external {
+ function mintSnowman(address receiver, uint256 amount) external onlyOwner {
for (uint256 i = 0; i < amount; i++) {
_safeMint(receiver, s_TokenCounter);
emit SnowmanMinted(receiver, s_TokenCounter);
s_TokenCounter++;
}
}
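Review bot: the `onlyOwner` modifier added on `+ function mintSnowman(address receiver, uint256 amount) external onlyOwner {` only restricts minting to whichever address currently owns Snowman, so the deployment must set or transfer ownership to SnowmanAirdrop (step 2 of the finding); otherwise the airdrop contract's own mint calls revert and legitimate claims fail. Consider adding a deployment assertion or test that `owner()` equals the SnowmanAirdrop address.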
Updates

Lead Judging Commences

yeahchibyke Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Unrestricted NFT mint function

The mint function of the Snowman contract is unprotected. Hence, anyone can call it and mint NFTs without necessarily partaking in the airdrop.
