NFT Prices Are Artificially Limited Due to uint32 Price Storage
Using uint32 limits price to around 4294.97 USDC (for 6 decimals tokens like USDC)
Description
-
Normal - It is stated in the docs that ,,NFTs can be sold by users on any price, but the fee will grow with the resell price.'' And as it can be observed the
NFTDealers::_calculateFees()has several checks: for price <=$100 , <=10000 and everything else above that. -
Issue- using uint32 is actually putting a limitation to the price which the user would like to offer for selling his nft.
Risk
Likelihood:
Medium: The issue will occur only when users want to list an nft for sale with a price greater than $4294.97
Impact:
Medium: The impact is that users who would like to sell an nft for a higher price will never be able to do that surprisingly
Proof of Concept
-
Whitelisted account cannot create a listing with a price > $4294.97 through
list()since it uses uint32
Recommended Mitigation
Use uint256 or uint64 only if optimizing storage intentionally
. uint64 should be more than enough , it is equal to ≈ 18 trillion USDC
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.
Rewards Distribution
The contest is complete and the rewards are being distributed.