NFT Dealers

First Flight #58

Beginner FriendlyFoundry

100 EXP

View all submissions

Previous Next

Submission Details

Impact: low

Likelihood: medium

### [L-1] `updatePrice()` does not enforce `MIN_PRICE`, allowing price to be set below 1 USDC

Author Revealed upon completion

Description: list() enforces _price >= MIN_PRICE, but updatePrice() only checks _newPrice > 0, allowing sellers to update their listing price to any value between 1 wei and MIN_PRICE - 1.

function updatePrice(uint256 _listingId, uint32 _newPrice) external onlySeller(_listingId) {

// ...

@> require(_newPrice > 0, "Price must be greater than 0");

// Missing: require(_newPrice >= MIN_PRICE, ...)

}

Impact: Sellers can bypass the minimum price constraint after listing, undermining the protocol's price floor.

Proof of Concept:

A seller can list at a valid price then immediately update it to 1 wei, bypassing MIN_PRICE entirely.

Run forge test --match-test test_poc_L1 -vvv to see the following output:

Logs:

MIN_PRICE: 1000000

Updated price: 1

PoC Test Code

function test_poc_L1_updatePriceBelowMinPrice() public {

vm.startPrank(owner);

nftDealers.revealCollection();

nftDealers.whitelistWallet(userWithCash);

vm.stopPrank();

vm.startPrank(userWithCash);

usdc.approve(address(nftDealers), 20e6);

nftDealers.mintNft();

nftDealers.list(1, uint32(100e6));

vm.stopPrank();

// MIN_PRICE = 1e6 (1 USDC), but updatePrice allows any value > 0

uint32 belowMinPrice = 1; // 0.000001 USDC

vm.prank(userWithCash);

nftDealers.updatePrice(1, belowMinPrice);

(, uint32 listedPrice,,,) = nftDealers.s_listings(1);

console.log("MIN_PRICE: ", nftDealers.MIN_PRICE());

console.log("Updated price: ", listedPrice);

assert(listedPrice < nftDealers.MIN_PRICE());

}

Recommended Mitigation: Add require(_newPrice >= MIN_PRICE, "Price must be at least 1 USDC"); to updatePrice().

function updatePrice(uint256 _listingId, uint32 _newPrice) external onlySeller(_listingId) {

// ...

- require(_newPrice > 0, "Price must be greater than 0");

+ require(_newPrice >= MIN_PRICE, "Price must be at least 1 USDC");

}

Rewards breakdown

nSLOC

253

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!