Snowman Merkle Airdrop

AI First Flight #10

Beginner FriendlyFoundrySolidityNFT

EXP

View results

Submission Details

Impact: medium

Likelihood: medium

Invalid

Misplacement of variables and possible DOS attack

xtbot102

Misplacement of variables in the Snowman::mintSnowMan function and a possible DOS attack.

Description

In the SnowMan::mintSnowMan, the input (uint256 amount) is being iterated and the var s_TokenCounter being increased with each addition of the token.
Explain the specific issue or problem in one or more sentencesIn the SnowMan::mintSnowMan function, the input (uint256 amount) is being iterated in the function instead of the s_TokenCounter.

Also, in line 42 of the contract SnowMan, the var s_TokenCounter is being increased and this could lead to a possible DOS attack whereby an attacker could deliberately keep calling the function in order to go beyond a given gas limit.

The for loop in the SnowMan::mintSnowMan fucntion, instead of going through the s_TokenCounter was iterating through the amount input and also, this for looping could lead to a possible DOS attack by a malicious user.

Risk

Likelihood:

This will occur whenever the SnowMan::mintSnowMan function is called.

Impact:

When the SnowMan::mintSnowMan function is called, it would revert for two reasons; the amount var is being iterated instead of the s_TokenCounter var.
Secondly, the contract will run out of gas and revert due to possible large number of tokens that may present in the array.

Proof of Concept

function mintSnowman(address receiver, uint256 amount) external { for (uint256 i = 0; i < amount; i++) {

_safeMint(receiver, s_TokenCounter);

emit SnowmanMinted(receiver, s_TokenCounter);

s_TokenCounter++;

}

Recommended Mitigation

instead of using for loop for iteration, mapping should be adopted instead as this may lead to less usage of gas and would not possibly revert.

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 3 hours ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!