NFT Dealers

First Flight #58
Beginner Friendly, Foundry
100 EXP
Submission Details
Impact: low
Likelihood: medium

`updatePrice()` skips `MIN_PRICE` check — sellers can set price below 1 USDC

Root + Impact

Description

  • `list()` enforces `require(_price >= MIN_PRICE)`, but `updatePrice()` only checks `_newPrice > 0`, so a seller can bypass the price floor after listing.

function updatePrice(uint256 _listingId, uint32 _newPrice) external onlySeller(_listingId) {
    // ...
    require(_newPrice > 0, "Price must be greater than 0");
    // @> missing: require(_newPrice >= MIN_PRICE)
    s_listings[_listingId].price = _newPrice;
}

Risk

Likelihood:

  • Any seller calls updatePrice with a value between 1 and 999,999 (below 1 USDC)

Impact:

  • Breaks the protocol's price floor invariant. Fee calculations on sub-USDC prices yield near-zero fees

Proof of Concept

A seller lists at 1 USDC (valid), then calls updatePrice(tokenId, 1) setting price to 0.000001 USDC. The > 0 check passes but >= MIN_PRICE is never enforced, breaking the price floor.
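The scenario above as a Foundry test, next to a fuzz test for the `>= MIN_PRICE` check that the report recommends. This is an added example, not code from the submission or the NFT Dealers repository: `PriceFloorModel`, its `Listing` layout, the `list()` signature and revert strings, and `updatePriceFixed()` are assumptions that model only the price checks quoted in the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

uint32 constant MIN_PRICE = 1_000_000; // 1 USDC at 6 decimals

// Constructed stand-in, not the NFT Dealers contract. Only the price checks
// quoted in the finding are modelled; everything else is assumed.
contract PriceFloorModel {
    struct Listing { address seller; uint32 price; }
    mapping(uint256 => Listing) public s_listings;

    modifier onlySeller(uint256 id) { require(s_listings[id].seller == msg.sender, "Only seller"); _; }

    function list(uint256 id, uint32 price) external {
        require(price >= MIN_PRICE, "Price below minimum");
        s_listings[id] = Listing(msg.sender, price);
    }
    // Check as reported: rejects only zero.
    function updatePrice(uint256 id, uint32 newPrice) external onlySeller(id) {
        require(newPrice > 0, "Price must be greater than 0");
        s_listings[id].price = newPrice;
    }
    // Check as mitigated (hypothetical name): same floor as list().
    function updatePriceFixed(uint256 id, uint32 newPrice) external onlySeller(id) {
        require(newPrice >= MIN_PRICE, "Price must be at least 1 USDC");
        s_listings[id].price = newPrice;
    }
}

contract PriceFloorTest is Test {
    PriceFloorModel internal market = new PriceFloorModel();
    address internal seller = makeAddr("seller");

    function setUp() public {
        vm.prank(seller);
        market.list(1, MIN_PRICE); // valid listing at exactly 1 USDC
    }
    function test_reportedCheckLetsPriceDropBelowFloor() public {
        vm.prank(seller);
        market.updatePrice(1, 1); // 0.000001 USDC passes the "> 0" check
        (, uint32 price) = market.s_listings(1);
        assertLt(uint256(price), uint256(MIN_PRICE));
    }
    // Every value in [0, MIN_PRICE - 1] must revert once the floor is enforced.
    function testFuzz_mitigatedCheckHoldsFloor(uint256 raw) public {
        uint32 newPrice = uint32(bound(raw, 0, MIN_PRICE - 1));
        vm.prank(seller);
        vm.expectRevert(bytes("Price must be at least 1 USDC"));
        market.updatePriceFixed(1, newPrice);
    }
}
```

`MIN_PRICE` is a file-level constant here so that reading it in the test does not consume the `vm.prank` meant for the following call.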

Recommended Mitigation

Apply the same MIN_PRICE check used in list() to maintain a consistent price floor across both creation and update paths.

function updatePrice(uint256 _listingId, uint32 _newPrice) external onlySeller(_listingId) {
// ...
- require(_newPrice > 0, "Price must be greater than 0");
+ require(_newPrice >= MIN_PRICE, "Price must be at least 1 USDC");
s_listings[_listingId].price = _newPrice;
}
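Review bot: the `+` line repeats the floor that list() already enforces as a second, separate require, which is how the create and update paths drifted apart in the first place; consider moving the MIN_PRICE check into one shared modifier or internal helper that both list() and updatePrice() call. The new revert string also hardcodes "1 USDC" while the comparison uses the MIN_PRICE constant, so the message goes stale if the constant is ever changed. A regression test that calls updatePrice with a value below MIN_PRICE and expects a revert would keep this path covered.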
