Beatland Festival

First Flight #44
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: medium
Valid

[L-1] Off-by-One Error in `FestivalPass::redeemMemorabilia` Using `maxSupply - 1`


Description

In the `FestivalPass::redeemMemorabilia` function, a memorabilia item is minted only if:
```javascript
require(collection.currentItemId < collection.maxSupply, "Collection sold out");
```
However, this check prevents the final item from being minted, so only `maxSupply - 1` items can ever be created.
This happens because `currentItemId` starts at 1 and is incremented after the check.
If `maxSupply = 5`, the last value of `currentItemId` that passes the check is 4,
so the 5th item is never minted.

Risk

Impact:

1. Confuses users who expect the full supply to be available
2. Reduces the amount of memorabilia available
3. Causes supply and demand inconsistencies

Proof of Concept

```javascript
// Pseudocode. Setup:
collection.maxSupply = 5;
collection.currentItemId = 1;
// Minting loop: redeem until the call reverts
while (true) {
    festivalPass.redeemMemorabilia(collectionId);
}
// Expected behavior: 5 items minted
// Actual behavior: only 4 items minted
// When currentItemId == 5:
//   5 < 5 → false
//   => revert with "Collection sold out"
```
Only item IDs 1 through 4 are minted. The 5th and final item (ID 5) is blocked.
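
The same boundary as a runnable Foundry test. This is an added example, not code from the submission or from the Beatland Festival repository: `SupplyCounterModel`, its `inclusiveCheck` flag and the test names are hypothetical, and the model reproduces only the 1-based counter and the supply check described above. It assumes a Foundry project with forge-std installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for the supply counter only; not the FestivalPass contract.
contract SupplyCounterModel {
    uint256 public immutable maxSupply;
    uint256 public currentItemId = 1; // 1-based: the next item ID to assign
    bool public immutable inclusiveCheck; // false = reported `<`, true = proposed `<=`

    constructor(uint256 maxSupply_, bool inclusiveCheck_) {
        maxSupply = maxSupply_;
        inclusiveCheck = inclusiveCheck_;
    }

    function redeem() external returns (uint256 itemId) {
        bool available = inclusiveCheck ? currentItemId <= maxSupply : currentItemId < maxSupply;
        require(available, "Collection sold out");
        itemId = currentItemId++; // incremented after the check, as the finding describes
    }
}

contract SupplyBoundaryTest is Test {
    // Redeems until the sold-out revert and returns how many items were issued.
    function _mintUntilSoldOut(SupplyCounterModel c) internal returns (uint256 minted) {
        while (true) {
            try c.redeem() returns (uint256 id) {
                minted++;
                assertEq(id, minted); // IDs are issued 1, 2, 3, ...
            } catch {
                return minted;
            }
        }
    }

    function test_StrictCheckStopsOneShort() public {
        assertEq(_mintUntilSoldOut(new SupplyCounterModel(5, false)), 4);
        // Edge case: a single-item collection is sold out before the first redeem.
        assertEq(_mintUntilSoldOut(new SupplyCounterModel(1, false)), 0);
    }

    function test_InclusiveCheckMintsFullSupply() public {
        assertEq(_mintUntilSoldOut(new SupplyCounterModel(5, true)), 5);
        assertEq(_mintUntilSoldOut(new SupplyCounterModel(1, true)), 1);
    }
}
```

The `maxSupply = 1` case shows the sharpest form of the off-by-one: with the strict comparison such a collection can never issue its only item.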

Recommended Mitigation

```diff
function redeemMemorabilia(uint256 collectionId) external {
MemorabiliaCollection storage collection = collections[collectionId];
require(collection.priceInBeat > 0, "Collection does not exist");
require(collection.isActive, "Collection not active");
- require(collection.currentItemId < collection.maxSupply, "Collection sold out");
+ require(collection.currentItemId <= collection.maxSupply, "Collection sold out");
```
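Review bot: the `<=` on the changed `require` is only correct while `currentItemId` is 1-based and names the next ID to assign, and nothing in the hunk records that invariant. Add a comment on that line stating it (for example `// currentItemId is 1-based and is the next item ID to mint`) and a boundary test that redeems exactly `maxSupply` items and expects the following call to revert with "Collection sold out". The hunk also stops before the mint and the increment, so please include those lines in the patch context so the ordering relative to the check can be confirmed.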
Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Off by one error in redeemMemorabilia
