no check _rangeStart<=_rangeEnd #17

code423n4 · 2021-05-08T16:52:42Z

Handle

gpersoon

Vulnerability details

Impact

In NFTXRangeEligibility.sol a range is defined via __NFTXEligibility_init and setEligibilityPreferences.
No check is done to make sure _rangeStart<=_rangeEnd, so one could accidentally define as range that is effectively empty.

Proof of Concept

function setEligibilityPreferences(uint256 _rangeStart, uint256 _rangeEnd) externalvirtual onlyOwner {
rangeStart = _rangeStart;
rangeEnd = _rangeEnd;
emit RangeSet(_rangeStart, _rangeEnd);
}

Tools Used

Editor

Recommended Mitigation Steps

Consider adding a check to make sure _rangeStart<=_rangeEnd

code423n4 added 0 (Non-critical) bug Something isn't working labels May 8, 2021

code423n4 added a commit that referenced this issue May 8, 2021

gpersoon issue #17

f60eb1b

0xKiwi added the Confirmed label May 20, 2021

0xKiwi closed this as completed May 20, 2021

cemozerr reopened this May 25, 2021

cemozerr mentioned this issue May 25, 2021

Explicitly check _rangeEnd >= _rangeStart #32

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

no check _rangeStart<=_rangeEnd #17

no check _rangeStart<=_rangeEnd #17

code423n4 commented May 8, 2021

no check _rangeStart<=_rangeEnd #17

no check _rangeStart<=_rangeEnd #17

Comments

code423n4 commented May 8, 2021

Handle

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps