Submission Details
Impact:
Likelihood:
Unbounded Mint Loop
Root + Impact
Description
-
There is no maximum limit on the amount of mint that can be minted in a single transactions.
-
This can lead to a Denial of Service(DoS) attack on the protocol.
```
// Each call to mintSnowman could attempt to mint an arbitrary number of NFTS in single transaction
@> function mintSnowman(address receiver, uint256 amount) external {
for (uint256 i = 0; i < amount; i++) {
_safeMint(receiver, s_TokenCounter);
emit SnowmanMinted(receiver, s_TokenCounter);
s_TokenCounter++;
}
}
```
Risk
Likelihood:
-
Reason 1 : no restriction on the amount that can be minted
-
Reason 2: This is because minting occurs in a for loop and it will run as far as i < amount.
Impact:
-
Denail of Service(Dos)
-
Griefing Vector
Proof of Concept
```
// Each call to mintSnowman could attempt to mint an arbitrary number of NFTS in single transaction
// User can set amount to like 2e18.
function mintSnowman(address receiver, uint256 amount) external {
for (uint256 i = 0; i < amount; i++) {
_safeMint(receiver, s_TokenCounter);
emit SnowmanMinted(receiver, s_TokenCounter);
s_TokenCounter++;
}
}
```
Recommended Mitigation
+ uint256 public constant MAX_MINT_PER_TX = 100;
function mintSnowman(address receiver, uint256 amount) external onlyOwner {
+ if (amount > MAX_MINT_PER_TX) revert SM__NotAllowed();
for (uint256 i = 0; i < amount; i++) {
_safeMint(receiver, s_TokenCounter);
emit SnowmanMinted(receiver, s_TokenCounter);
s_TokenCounter++;
}
}
Rewards breakdown
nSLOC
215This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.