NFT Dealers

First Flight #58
Beginner Friendly, Foundry
100 EXP
Submission Details
Impact: high
Likelihood: high

uint32 price caps listings at ~$4,294 — fee tiers unreachable

Author Revealed upon completion

Root + Impact

Description

Listing.price is uint32, which maxes at 4,294,967,295. With USDC's
6 decimals, the maximum price is ~$4,294.96. The MID_FEE_THRESHOLD (10,000
USDC) and HIGH_FEE_BPS tier are unreachable. Any NFT worth more than ~$4,294
cannot be listed.

struct Listing {
    address seller;
@>  uint32 price; // max ~4,294 USDC
    address nft;
    uint256 tokenId;
    bool isActive;
}

uint256 private constant MID_FEE_THRESHOLD = 10_000e6; // unreachable with uint32

Risk

Likelihood

  • High — USDC uses 6 decimals; the price of any NFT listed above ~$4,294
    is silently truncated, causing massive loss.

Impact

  • High — Sellers lose value on high-priced NFTs. Two of three fee tiers
    are dead code. The marketplace cannot function for valuable NFTs.

Proof of Concept

A seller tries to list at 5,000 USDC (5000e6 = 5,000,000,000). This exceeds
uint32.max (4,294,967,295), so the value silently truncates to a much lower
number, selling the NFT for far less than intended.

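function test_uint32Truncation() public {
    uint256 intended = 5000e6;        // 5,000,000,000
    // An out-of-range literal cannot be cast directly in Solidity 0.8,
    // so narrow a variable instead; the value wraps modulo 2^32.
    uint32 price = uint32(intended);
    assert(price != intended);        // price is now 705,032,704 (~705 USDC), not 5,000 USDC
}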
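
The Foundry test below is an added example, not code from the submission or the NFT Dealers repository. It goes slightly beyond the one-line PoC by checking three behaviours at the uint32 boundary: the largest listable price, a caller-side downcast, and raw out-of-range calldata. ListingStub is a hypothetical stand-in that reuses only the uint32 price parameter and the threshold value from the finding; Solidity ^0.8 with the default ABI coder v2 and forge-std are assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for the marketplace (not the project's contract):
// only the uint32 price parameter and the threshold value come from the finding.
contract ListingStub {
    uint256 public constant MID_FEE_THRESHOLD = 10_000e6;
    uint32 public lastPrice;

    function list(uint256, uint32 _price) external {
        lastPrice = _price;
    }
}

contract Uint32PriceTest is Test {
    ListingStub internal stub;

    function setUp() public {
        stub = new ListingStub();
    }

    // The largest value the type can hold is still below the mid-tier threshold.
    function test_maxPriceBelowMidTier() public {
        stub.list(1, type(uint32).max);
        assertEq(uint256(stub.lastPrice()), 4_294_967_295);
        assertLt(uint256(stub.lastPrice()), stub.MID_FEE_THRESHOLD());
    }

    // A caller that narrows a uint256 before calling wraps modulo 2^32.
    function test_explicitDowncastWraps() public {
        uint256 intended = 5_000e6;
        stub.list(1, uint32(intended));
        assertEq(uint256(stub.lastPrice()), 705_032_704); // 5_000_000_000 - 2**32
    }

    // Raw calldata that carries 5_000e6 in the uint32 slot is rejected by the
    // ABI decoder (coder v2), so the listing is never stored.
    function test_outOfRangeCalldataReverts() public {
        bytes memory data = abi.encodeWithSelector(stub.list.selector, uint256(1), uint256(5_000e6));
        (bool ok,) = address(stub).call(data);
        assertFalse(ok);
        assertEq(uint256(stub.lastPrice()), 0);
    }
}
```

Run it with forge test in a project that has forge-std installed.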

Recommended Mitigation

Change price to uint256 to support the full USDC range.

struct Listing {
address seller;
- uint32 price;
+ uint256 price;
address nft;
uint256 tokenId;
bool isActive;
}
- function list(uint256 _tokenId, uint32 _price) external onlyWhitelisted {
+ function list(uint256 _tokenId, uint256 _price) external onlyWhitelisted {
- function updatePrice(uint256 _listingId, uint32 _newPrice) external onlySeller(_listingId) {
+ function updatePrice(uint256 _listingId, uint256 _newPrice) external onlySeller(_listingId) {
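
Review bot: on the list and updatePrice lines, widening the parameter from uint32 to uint256 changes both function selectors, so every test, script and front end built against the old ABI has to be regenerated along with this change. The diff would also be stronger with a test that lists a price above MID_FEE_THRESHOLD and checks the fee tier applied, since reaching those tiers is the stated goal. In the struct, price no longer fits in the slot it shared with seller (20 + 4 bytes) and now occupies a slot of its own; that is fine for a fresh deployment but worth noting in the change description.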
