Snowman Merkle Airdrop

First Flight #42
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: high
Valid

Unrestricted NFT Minting Allows Infinite Supply in Snowman::mintSnowman

Summary

The Snowman::mintSnowman function has no access controls, allowing any address to mint unlimited NFTs to any recipient, completely bypassing the intended airdrop mechanism.

Vulnerability Details

// src/Snowman.sol:35-42
function mintSnowman(address receiver, uint256 amount) external {
    for (uint256 i = 0; i < amount; i++) {
        _safeMint(receiver, s_TokenCounter);
        emit SnowmanMinted(receiver, s_TokenCounter);
        s_TokenCounter++;
    }
}

Impact

Any user can claim an unlimited number of Snowman NFTs without holding or staking any Snow tokens, so the NFT supply is unbounded and the Merkle airdrop's eligibility check is bypassed entirely.

Proof of concept

contract AttackContract {
    // Called by any EOA: the contract forwards an unrestricted mint request to Snowman.
    function exploitUnlimitedMinting(address snowmanContract) external {
        // Any user can mint 1 million NFTs without any Snow tokens
        Snowman(snowmanContract).mintSnowman(msg.sender, 1_000_000);
    }
}

Recommendations

Restrict minting to the airdrop contract only, so that the only path to a Snowman NFT is the Merkle-proof claim.

+ address public immutable airdropContract;
+ modifier onlyAirdropContract() {
+ if (msg.sender != airdropContract) revert SM__NotAllowed();
+ _;
+ }
...
- function mintSnowman(address receiver, uint256 amount) external {
+ function mintSnowman(address receiver, uint256 amount) external onlyAirdropContract {
// existing logic
}
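Review bot: the `SM__NotAllowed` custom error used in `onlyAirdropContract` is not declared anywhere in the shown diff, and `airdropContract` is declared `immutable` but the diff never assigns it; add `error SM__NotAllowed();` and set the address in the constructor (e.g. `constructor(address _airdropContract) { airdropContract = _airdropContract; }`), since an immutable can only be written there and an unset value would leave the modifier rejecting every caller, including the real airdrop contract.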
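A Foundry regression test for the recommended fix, added here as an example and not part of the original submission. It assumes the patched Snowman takes the airdrop contract address as its single constructor argument and declares `error SM__NotAllowed();`; the airdrop and attacker addresses are constructed with `makeAddr`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {Snowman} from "../src/Snowman.sol";

// Verifies that only the configured airdrop contract can mint after the fix.
contract SnowmanMintAccessTest is Test {
    Snowman internal snowman;
    address internal airdrop = makeAddr("airdrop");   // stands in for the airdrop contract
    address internal attacker = makeAddr("attacker"); // constructed, any non-airdrop caller

    function setUp() public {
        // ASSUMPTION: the patched Snowman has constructor(address airdropContract)
        snowman = new Snowman(airdrop);
    }

    // Before the fix this call minted 1_000_000 tokens; after it must revert and mint nothing.
    function test_RevertWhen_NonAirdropCallerMints() public {
        vm.prank(attacker);
        vm.expectRevert(Snowman.SM__NotAllowed.selector);
        snowman.mintSnowman(attacker, 1_000_000);
        assertEq(snowman.balanceOf(attacker), 0);
    }

    // The legitimate path still works: the airdrop contract mints to a claimant.
    function test_AirdropContractCanMint() public {
        address recipient = makeAddr("recipient");
        vm.prank(airdrop);
        snowman.mintSnowman(recipient, 3);
        assertEq(snowman.balanceOf(recipient), 3);
    }

    // Generalises the first test: no caller other than the airdrop can mint any amount.
    function testFuzz_OnlyAirdropCanMint(address caller, uint256 amount) public {
        vm.assume(caller != airdrop);
        amount = bound(amount, 1, 100);
        vm.prank(caller);
        vm.expectRevert(Snowman.SM__NotAllowed.selector);
        snowman.mintSnowman(caller, amount);
    }
}
```

Run with `forge test --match-contract SnowmanMintAccessTest`; the first and third tests fail against the unpatched contract and pass once the modifier is applied.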
Updates

Lead Judging Commences

yeahchibyke Lead Judge 26 days ago
Submission Judgement Published
Validated
Assigned finding tags:

Unrestricted NFT mint function

The mint function of the Snowman contract is unprotected. Hence, anyone can call it and mint NFTs without necessarily partaking in the airdrop.
