Beatland Festival

First Flight #44
Tags: Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Impact: medium
Likelihood: medium
Invalid

Allows Unlimited Passes Per User

Description

  • In the current implementation of the buyPass function, there is no restriction on the number of passes a single user can purchase.

  • This enables a single wallet to monopolize pass types (e.g., VIP, BACKSTAGE), potentially farming welcome bonuses or gaining unfair access to benefits like performance rewards multipliers.

```solidity
function buyPass(uint256 collectionId) external payable {
    ...
    _mint(msg.sender, collectionId, 1, ""); // @> No limit on how many passes a user can mint
    ...
}
```

Risk

Likelihood:

  • Any user can purchase passes repeatedly without restriction.

  • Users motivated by token rewards or status could exploit this to farm welcome bonuses or gain priority access.

Impact:

  • Breaks fairness assumptions — festival access meant to be exclusive (e.g., limited VIP slots) becomes meaningless.

  • Allows gaming of the BEAT token system, especially for BACKSTAGE passes, which mint more tokens per purchase.

  • Could impact tokenomics or pass resale markets if abused.

Proof of Concept

```solidity
// Attacker buys multiple BACKSTAGE passes:
for (uint i = 0; i < 100; i++) {
    festivalPass.buyPass{value: 0.5 ether}(3); // 200 BEAT per pass
}
// Earns 20,000 BEAT tokens unfairly
```

Recommended Mitigation

```diff
+ require(balanceOf(msg.sender, collectionId) == 0, "Pass already owned");
```

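The following is an added example, not code from the audited contract or this submission: a simplified stand-in for the pass contract with a per-wallet purchase limit, plus a Foundry test. The contract name, the single BACKSTAGE collection and its 0.5 ether price are assumptions taken from the PoC above. It goes one step beyond the suggested `balanceOf` check: because ERC1155 passes are transferable (assuming the project does not restrict transfers), a wallet could move its pass away and then pass a `balanceOf == 0` check again, so the limit is recorded in storage and never cleared.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC1155} from "@openzeppelin/contracts/token/ERC1155/ERC1155.sol";
import {Test} from "forge-std/Test.sol";

/// Simplified stand-in for the festival pass contract, not the audited code.
/// Collection id and price are assumptions; 0.5 ether for BACKSTAGE follows the PoC.
contract FestivalPassExample is ERC1155 {
    uint256 public constant BACKSTAGE = 3;
    mapping(uint256 => uint256) public passPrice;
    // One purchase per wallet per collection. A balanceOf() check alone can be
    // sidestepped if the holder transfers the pass away before buying again,
    // so the flag is kept in storage and never reset.
    mapping(address => mapping(uint256 => bool)) public hasPurchased;

    constructor() ERC1155("") {
        passPrice[BACKSTAGE] = 0.5 ether;
    }

    function buyPass(uint256 collectionId) external payable {
        require(passPrice[collectionId] != 0, "Invalid collection");
        require(msg.value == passPrice[collectionId], "Incorrect payment");
        require(!hasPurchased[msg.sender][collectionId], "Pass already purchased");
        hasPurchased[msg.sender][collectionId] = true;
        _mint(msg.sender, collectionId, 1, "");
    }
}

contract FestivalPassExampleTest is Test {
    FestivalPassExample pass;
    address alice = makeAddr("alice"); // constructed test accounts
    address bob = makeAddr("bob");

    function setUp() public {
        pass = new FestivalPassExample();
        vm.deal(alice, 10 ether);
    }

    // Buying, transferring the pass out, then buying again must still revert.
    function testLimitSurvivesTransfer() public {
        vm.startPrank(alice);
        pass.buyPass{value: 0.5 ether}(3);
        pass.safeTransferFrom(alice, bob, 3, 1, "");
        vm.expectRevert("Pass already purchased");
        pass.buyPass{value: 0.5 ether}(3);
        vm.stopPrank();
    }
}
```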
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
