Beatland Festival

First Flight #44
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: medium
Valid

Wrong supply when configuring an ongoing Pass

Root + Impact

When configurePass() is called on an ongoing Pass that already has a supply > 0, it resets the supply counter to 0 even though the passes already minted still exist, so the real supply is still greater than 0. As a result the real supply can exceed maxSupply, which should never happen.

Description

  • When an existing/ongoing Pass with a supply > 0 is reconfigured to change its price and maxSupply, the change should not affect the current supply count.

  • Here, however, configurePass() resets the supply counter to 0 while the actual number of minted passes is unchanged.

function configurePass(
    uint256 passId,
    uint256 price,
    uint256 maxSupply
) external onlyOrganizer {
    require(passId == GENERAL_PASS || passId == VIP_PASS || passId == BACKSTAGE_PASS, "Invalid pass ID");
    require(price > 0, "Price must be greater than 0");
    require(maxSupply > 0, "Max supply must be greater than 0");
    passPrice[passId] = price;
    passMaxSupply[passId] = maxSupply;
@>  passSupply[passId] = 0; // Reset current supply, which shouldn't happen because the actual supply is still the same
}

Risk

Likelihood: High

  • Whenever configurePass() is used to update an ongoing Pass with a supply > 0

Impact: Low

  • It corrupts the supply counter, so passSupply no longer reflects the passes that actually exist

  • A pass is able to have an actual supply > maxSupply

Proof of Concept

1/ Create a pass
2/ Mint some tokens
3/ Configure that pass to change the Max Supply and/or the Price
4/ Check that the counting of the supply is reset to 0 but past tokens still exist

Recommended Mitigation

Remove the last line of the configurePass() function, or only allow configuration while the actual supply is 0 by adding require(passSupply[passId] == 0);

Option 1: only allow reconfiguration while no passes have been minted

function configurePass(
    uint256 passId,
    uint256 price,
    uint256 maxSupply
) external onlyOrganizer {
    require(passId == GENERAL_PASS || passId == VIP_PASS || passId == BACKSTAGE_PASS, "Invalid pass ID");
    require(price > 0, "Price must be greater than 0");
    require(maxSupply > 0, "Max supply must be greater than 0");
+   require(passSupply[passId] == 0);
    passPrice[passId] = price;
    passMaxSupply[passId] = maxSupply;
-   passSupply[passId] = 0; // Reset current supply
}

Option 2: simply stop resetting the counter

function configurePass(
    uint256 passId,
    uint256 price,
    uint256 maxSupply
) external onlyOrganizer {
    require(passId == GENERAL_PASS || passId == VIP_PASS || passId == BACKSTAGE_PASS, "Invalid pass ID");
    require(price > 0, "Price must be greater than 0");
    require(maxSupply > 0, "Max supply must be greater than 0");
    passPrice[passId] = price;
    passMaxSupply[passId] = maxSupply;
-   passSupply[passId] = 0; // Reset current supply
}
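The following Foundry test is an added example and is not code from the Beatland Festival contest repository. It models the supply accounting described above in a small stand-alone contract (PassSupplyModel, a constructed stand-in with an assumed buyPass() mint function and a totalMinted counter representing the NFTs that actually exist) and walks through the four Proof of Concept steps, then shows the Option 1 mitigation rejecting the reconfiguration. Run it with forge test after dropping it into a Foundry project's test directory.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

/// Constructed model of the pass supply accounting (not the contest contract).
/// resetOnConfigure == true reproduces the behaviour the finding describes;
/// false applies the recommended require(passSupply[passId] == 0) mitigation.
contract PassSupplyModel {
    uint256 public constant GENERAL_PASS = 1;
    uint256 public constant VIP_PASS = 2;
    uint256 public constant BACKSTAGE_PASS = 3;

    address public immutable organizer;
    bool public immutable resetOnConfigure;

    mapping(uint256 => uint256) public passPrice;
    mapping(uint256 => uint256) public passMaxSupply;
    mapping(uint256 => uint256) public passSupply;
    uint256 public totalMinted; // stands in for the NFTs that really exist (assumed helper)

    modifier onlyOrganizer() {
        require(msg.sender == organizer, "Not organizer");
        _;
    }

    constructor(bool _resetOnConfigure) {
        organizer = msg.sender;
        resetOnConfigure = _resetOnConfigure;
    }

    function configurePass(uint256 passId, uint256 price, uint256 maxSupply) external onlyOrganizer {
        require(passId == GENERAL_PASS || passId == VIP_PASS || passId == BACKSTAGE_PASS, "Invalid pass ID");
        require(price > 0, "Price must be greater than 0");
        require(maxSupply > 0, "Max supply must be greater than 0");
        if (resetOnConfigure) {
            passSupply[passId] = 0; // the line the finding flags
        } else {
            require(passSupply[passId] == 0, "Pass already has supply"); // Option 1 mitigation
        }
        passPrice[passId] = price;
        passMaxSupply[passId] = maxSupply;
    }

    // Assumed mint path: the max-supply check relies on passSupply being accurate.
    function buyPass(uint256 passId) external payable {
        require(passPrice[passId] > 0, "Pass not configured");
        require(msg.value == passPrice[passId], "Incorrect payment");
        require(passSupply[passId] < passMaxSupply[passId], "Max supply reached");
        passSupply[passId] += 1;
        totalMinted += 1;
    }
}

contract PassSupplyTest is Test {
    uint256 constant PRICE = 0.1 ether;
    address buyer = makeAddr("buyer");

    function _mint(PassSupplyModel m, uint256 passId, uint256 n) internal {
        vm.deal(buyer, n * PRICE);
        for (uint256 i = 0; i < n; i++) {
            vm.prank(buyer);
            m.buyPass{value: PRICE}(passId);
        }
    }

    function test_ResetLetsRealSupplyExceedMax() public {
        PassSupplyModel m = new PassSupplyModel(true);
        m.configurePass(m.GENERAL_PASS(), PRICE, 3); // 1/ create a pass with maxSupply 3
        _mint(m, m.GENERAL_PASS(), 3);               // 2/ mint up to the max
        m.configurePass(m.GENERAL_PASS(), PRICE, 3); // 3/ reconfigure: counter reset to 0
        assertEq(m.passSupply(m.GENERAL_PASS()), 0); // 4/ counter says 0 ...
        assertEq(m.totalMinted(), 3);                //    ... but the 3 passes still exist
        _mint(m, m.GENERAL_PASS(), 3);               //    and the max check lets 3 more through
        assertEq(m.totalMinted(), 6);                //    real supply 6 > maxSupply 3
    }

    function test_MitigationRejectsReconfigureWithSupply() public {
        PassSupplyModel m = new PassSupplyModel(false);
        m.configurePass(m.GENERAL_PASS(), PRICE, 3);
        _mint(m, m.GENERAL_PASS(), 1);
        vm.expectRevert(bytes("Pass already has supply"));
        m.configurePass(m.GENERAL_PASS(), PRICE, 5);
    }
}
```

The first test is the detection check an auditor would keep in the suite: after step 3 the on-chain counter and the number of existing passes disagree, and the max-supply guard is satisfied by the wrong number. The second test pins the Option 1 mitigation; for Option 2 (only deleting the reset line) the same test would instead assert that passSupply is unchanged after the reconfiguration.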
Updates

Lead Judging Commences

inallhonesty Lead Judge about 2 months ago
Submission Judgement Published
Validated
Assigned finding tags:

configurePass resets the current pass supply circumventing the max supply check

This is not acceptable as high because any attack vectors related to the organizer trying to milk ETH from participants are voided by the fact that the organizer is trusted.
