Beatland Festival

First Flight #44
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Impact: low
Likelihood: low
Invalid

# Uncapped `baseReward` — Accidental BEAT Hyper-Inflation


Description

  • Normal behaviour: createPerformance() should schedule a performance whose attendees are minted a reasonable amount of BEAT, derived from the organiser-defined baseReward.

  • Issue: the function places no upper bound on reward. A fat-finger value (e.g. 1e60) or a malicious organiser can schedule a performance whose per-attendee payout dwarfs the entire BEAT supply, breaking the token economics with the very first attendance.

```solidity
// FestivalPass.sol (excerpt; @> marks the unchecked assignment)
function createPerformance(uint256 start, uint256 duration, uint256 reward) external onlyOrganizer {
    require(duration > 0, "Duration must be greater than 0");
    // `reward` is stored as-is: no upper bound is enforced
@>  performances[performanceCount] = Performance({ startTime: start, endTime: start + duration, baseReward: reward });
}
```

Risk

Likelihood:

  • Human data-entry errors are common; a misplaced decimal, or a value typed in whole tokens when 18-decimal base units were intended (or vice versa), could set reward to 10¹⁸ times the intended value.

  • No UI guard rails if transactions are crafted offline.

Impact:

  • A single attendance call would mint astronomical BEAT, immediately devaluing the token and harming all holders.

  • Emergency contract upgrade or migration would be required.

Proof of Concept

```solidity
// organiser sets reward = 1e40
festivalPass.createPerformance(block.timestamp + 1 hours, 2 hours, 1e40);
// first attendee mints 1e40 * multiplier BEAT -> totalSupply explodes
```
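To make the PoC and the proposed cap concrete, the following Foundry test is an added example; it is not the project's code and PerformanceModel is not FestivalPass.sol. The model is a hypothetical minimal stand-in that keeps only the pieces the finding relies on: an organiser-gated createPerformance and an assumed attend() path that mints baseReward times a tier multiplier to each attendee. The cap of 1e22, the multiplier of 3, the comparison supply of 1,000,000 BEAT and the RewardTooLarge error are all assumptions. It runs with `forge test` in a project that has forge-std installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

/// Hypothetical stand-in for FestivalPass + BEAT (added example, not the audited code).
/// It keeps only what the finding relies on: an organiser-set baseReward that is
/// minted, times a tier multiplier, to each attendee. A cap of 0 means "uncapped",
/// which reproduces the behaviour reported in the finding.
contract PerformanceModel {
    struct Performance { uint256 startTime; uint256 endTime; uint256 baseReward; }

    address public immutable organizer;
    uint256 public immutable maxBaseReward;   // 0 = no cap (vulnerable configuration)
    uint256 public performanceCount;
    uint256 public totalSupply;               // BEAT minted so far (assumed 18 decimals)
    mapping(uint256 => Performance) public performances;
    mapping(address => uint256) public balanceOf;
    mapping(uint256 => mapping(address => bool)) public attended;

    error RewardTooLarge(uint256 reward, uint256 cap);

    constructor(uint256 cap) {
        organizer = msg.sender;
        maxBaseReward = cap;
    }

    modifier onlyOrganizer() {
        require(msg.sender == organizer, "Not the organizer");
        _;
    }

    function createPerformance(uint256 start, uint256 duration, uint256 reward)
        external
        onlyOrganizer
        returns (uint256 id)
    {
        require(start > block.timestamp, "Start time must be in the future");
        require(duration > 0, "Duration must be greater than 0");
        // Hardened path: reject rewards above the configured cap (skipped when cap == 0).
        if (maxBaseReward != 0 && reward > maxBaseReward) {
            revert RewardTooLarge(reward, maxBaseReward);
        }
        id = performanceCount++;
        performances[id] = Performance({startTime: start, endTime: start + duration, baseReward: reward});
    }

    /// Assumed attendance path: one mint of baseReward * multiplier per attendee.
    function attend(uint256 id, uint256 multiplier) external {
        Performance memory p = performances[id];
        require(block.timestamp >= p.startTime && block.timestamp < p.endTime, "Performance not live");
        require(!attended[id][msg.sender], "Already attended");
        attended[id][msg.sender] = true;
        uint256 amount = p.baseReward * multiplier; // checked arithmetic; 1e40 * 3 fits in uint256
        balanceOf[msg.sender] += amount;
        totalSupply += amount;
    }
}

contract UncappedBaseRewardTest is Test {
    uint256 constant MAX_BASE_REWARD = 1e22;        // assumed cap: 10,000 BEAT at 18 decimals
    uint256 constant CIRCULATING = 1_000_000 ether; // assumed existing supply, for scale only
    uint256 constant TIER_MULTIPLIER = 3;           // assumed highest pass multiplier

    address organizer = makeAddr("organizer");
    address attendee = makeAddr("attendee");

    /// Reproduces the PoC: reward = 1e40, one attendee, supply explodes.
    function test_uncappedRewardDwarfsSupply() public {
        vm.prank(organizer);
        PerformanceModel fp = new PerformanceModel(0);

        vm.prank(organizer);
        uint256 id = fp.createPerformance(block.timestamp + 1 hours, 2 hours, 1e40);

        vm.warp(block.timestamp + 1 hours + 1);
        vm.prank(attendee);
        fp.attend(id, TIER_MULTIPLIER);

        assertEq(fp.totalSupply(), 3e40);
        // a single attendance mints more than 1e15 times the assumed circulating supply
        assertGt(fp.totalSupply() / CIRCULATING, 1e15);
    }

    /// With the cap in place the fat-finger value is rejected and sane values still work.
    function test_capRejectsOversizedReward() public {
        vm.prank(organizer);
        PerformanceModel fp = new PerformanceModel(MAX_BASE_REWARD);

        vm.prank(organizer);
        vm.expectRevert(
            abi.encodeWithSelector(PerformanceModel.RewardTooLarge.selector, uint256(1e40), MAX_BASE_REWARD)
        );
        fp.createPerformance(block.timestamp + 1 hours, 2 hours, 1e40);

        vm.prank(organizer);
        uint256 id = fp.createPerformance(block.timestamp + 1 hours, 2 hours, 100 ether);
        (, , uint256 baseReward) = fp.performances(id);
        assertEq(baseReward, 100 ether);
    }
}
```

The first test is the finding's PoC end to end; the second shows that the cap is a one-line check at scheduling time, so it costs nothing on the attendance path. Note that the cap bounds one mint only: the total inflation a performance can cause is baseReward times the multiplier times the number of attendees, so the constant should be derived from the tokenomics rather than picked in isolation.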

Recommended Mitigation

```diff
+ uint256 constant MAX_BASE_REWARD = 1e22; // 10 million BEAT, adjust to tokenomics
function createPerformance(uint256 start, uint256 duration, uint256 reward) external onlyOrganizer {
require(start > block.timestamp, "Start time must be in the future");
require(duration > 0, "Duration must be greater than 0");
+ require(reward <= MAX_BASE_REWARD, "Reward too large");
...
}
```
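Review bot: the comment on the added MAX_BASE_REWARD line does not match its value: at 18 decimals 1e22 is 10,000 BEAT, not 10 million (10 million BEAT would be 1e25), so either the constant or the comment should change before this is adopted. Two smaller points: the `require(start > block.timestamp, ...)` line is shown here as unchanged context but does not appear in the createPerformance excerpt in the Description, so it should carry a `+` if it is part of the proposed change; and the cap bounds only baseReward, while the PoC notes that each attendee receives `baseReward * multiplier`, so the constant should be chosen with the largest multiplier and the expected attendee count in mind, since the total minted per performance is baseReward times multiplier times attendees.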
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
