NFT Dealers

First Flight #58
Beginner Friendly, Foundry
100 EXP
Submission Details
Impact: low
Likelihood: medium

`MIN_PRICE` is Bypassable via `updatePrice` — Seller Can List at $1 Then Update to 1 Wei

Author Revealed upon completion

Links

  • src/NFTDealers.sol:131-135: `list()` enforces `MIN_PRICE`

  • src/NFTDealers.sol:189-197: `updatePrice()` only checks `> 0`

Vulnerability Details

The `list` function enforces a minimum listing price of $1 USDC via `require(_price >= MIN_PRICE, ...)`:

```solidity
// NFTDealers.sol:132
require(_price >= MIN_PRICE, "Price must be at least 1 USDC");
```

However, `updatePrice` only checks that the new price is greater than zero:

```solidity
// NFTDealers.sol:194
require(_newPrice > 0, "Price must be greater than 0");
```

A seller can list at exactly $1 USDC to pass the `MIN_PRICE` check, then immediately call `updatePrice` to set the price as low as 1 wei ($0.000001 USDC). This completely bypasses the minimum price the protocol defined and renders the `MIN_PRICE` constant useless.

Impact

The `MIN_PRICE` enforcement provides no real protection, since it can be bypassed immediately via `updatePrice`. Any seller can set their listing to an effectively zero price in two transactions. The `MIN_PRICE` constant and its check in `list()` are dead code from a security standpoint.
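The list-then-update sequence described above, written as a regression check against a minimal model in which every price-writing path shares one floor check. This is an added example, not code from NFTDealers.sol: the names `PriceFloorModel`, `PriceFloorCheck` and `atLeastMinPrice` are hypothetical, and `MIN_PRICE = 1e6` assumes USDC's 6 decimals.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: a stripped-down model, NOT the NFTDealers contract.
// Seller checks, listing state and NFT/USDC transfers are omitted.
contract PriceFloorModel {
    // Assumption: USDC has 6 decimals, so 1 USDC == 1e6 base units.
    uint32 public constant MIN_PRICE = 1e6;

    mapping(uint256 => uint32) public priceOf; // listingId => price
    uint256 public nextId;

    // One definition of the floor, reused by every function that writes a price,
    // so list() and updatePrice() cannot drift apart.
    modifier atLeastMinPrice(uint32 price) {
        require(price >= MIN_PRICE, "Price below MIN_PRICE");
        _;
    }

    function list(uint32 price) external atLeastMinPrice(price) returns (uint256 id) {
        id = nextId++;
        priceOf[id] = price;
    }

    function updatePrice(uint256 id, uint32 newPrice) external atLeastMinPrice(newPrice) {
        priceOf[id] = newPrice;
    }
}

// Regression check for the two-transaction sequence: list at the floor,
// then try to lower the price to one base unit.
contract PriceFloorCheck {
    function floorHoldsAfterUpdate() external returns (bool) {
        PriceFloorModel m = new PriceFloorModel();
        uint256 id = m.list(m.MIN_PRICE());   // step 1: passes the floor check
        try m.updatePrice(id, 1) {            // step 2: must be rejected
            return false;                     // update succeeded: floor bypassed
        } catch {
            // Update reverted; the stored price must still be the listed one.
            return m.priceOf(id) == m.MIN_PRICE();
        }
    }
}
```

With the floor enforced only in `list`, as in the reported code, `floorHoldsAfterUpdate()` would return `false`; with the shared modifier it returns `true`.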

Recommended Mitigation

Add the `MIN_PRICE` check to `updatePrice`:

function updatePrice(uint256 _listingId, uint32 _newPrice) external onlySeller(_listingId) {
Listing memory listing = s_listings[_listingId];
uint256 oldPrice = listing.price;
if (!listing.isActive) revert ListingNotActive(_listingId);
- require(_newPrice > 0, "Price must be greater than 0");
+ require(_newPrice >= MIN_PRICE, "Price must be at least 1 USDC");
s_listings[_listingId].price = _newPrice;
emit NFT_Dealers_Price_Updated(_listingId, oldPrice, _newPrice);
}
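Review bot: The revert string on the `+` line hardcodes "1 USDC" while the comparison uses `MIN_PRICE`, so the message becomes wrong if the constant is ever changed; prefer a message that does not embed the value, or a custom error in the style of the `ListingNotActive(_listingId)` revert directly above it, which would also stop the function mixing two revert styles. The same bound is now written out in both `list()` and `updatePrice()`, which is how the two paths diverged in the first place; moving it into a shared modifier or internal helper keeps them in step. A test that lists at `MIN_PRICE` and then calls `updatePrice` with a lower value should accompany the change.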
