MinterContract.getPrice :: Different pricing for same collection due to improper timestamp validation #1407
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
downgraded by judge: Judge downgraded the risk level of this issue
duplicate-1275
edited-by-warden
partial-50: Incomplete articulation of vulnerability; eligible for partial credit only (50%)
Lines of code
https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/MinterContract.sol#L540
Vulnerability details
Impact
Severity: High (ex: a salesOption that increases price over time, will incur a heavy loss if token id minted at exact publicEndTime)
Proof of Concept
MinterContract.mint function, when minting, MinterContract.getPrice can be abused for different pricing for same collection. Due to following improper timestamp validation.
allowlistStartTime or publicEndTime.
allowlistStartTime & publicEndTime instead of <= and >=.
allowlistStartTime or publicEndTime and get away with exact collectionMintCost instead of price increase or decrease due to the time difference, number of mints, rate and other collection costs parameters
Tools Used
Manual review & foundry testing
Recommended Mitigation Steps
Assessed type
Invalid Validation
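Added example, not part of the original report and not NextGen's code: a simplified Solidity model of the boundary mismatch described above, with the strict comparison beside an inclusive one. The contract name, the function names, the `rate` and `timePeriod` fields, the linear price increase and the inclusive mint window are assumptions made for illustration; only `allowlistStartTime`, `publicEndTime` and `collectionMintCost` come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Simplified model (added example, not NextGen code). The linear increase
/// per elapsed period is an assumed pricing rule.
contract PriceBoundaryModel {
    struct Phase {
        uint256 allowlistStartTime;
        uint256 publicEndTime;
        uint256 collectionMintCost; // base price
        uint256 rate;               // assumed: amount added per elapsed period
        uint256 timePeriod;         // assumed: period length in seconds
    }

    /// Mint window, assumed inclusive at both ends.
    function mintOpen(Phase memory p, uint256 ts) public pure returns (bool) {
        return ts >= p.allowlistStartTime && ts <= p.publicEndTime;
    }

    /// Strict comparisons, as the report describes: at ts == publicEndTime the
    /// sale branch is skipped although minting is still open.
    function priceStrict(Phase memory p, uint256 ts) public pure returns (uint256) {
        if (ts > p.allowlistStartTime && ts < p.publicEndTime) {
            return _increasing(p, ts);
        }
        return p.collectionMintCost;
    }

    /// Hardened: pricing uses exactly the same bounds as the mint window.
    function priceInclusive(Phase memory p, uint256 ts) public pure returns (uint256) {
        return mintOpen(p, ts) ? _increasing(p, ts) : p.collectionMintCost;
    }

    function _increasing(Phase memory p, uint256 ts) private pure returns (uint256) {
        uint256 periods = (ts - p.allowlistStartTime) / p.timePeriod;
        return p.collectionMintCost + periods * p.rate;
    }

    /// Constructed sample: 1 ether base, +0.1 ether per hour, 10 hour sale.
    function demo() external pure returns (uint256 strictAtEnd, uint256 inclusiveAtEnd) {
        Phase memory p = Phase(1_000, 1_000 + 10 hours, 1 ether, 0.1 ether, 1 hours);
        strictAtEnd = priceStrict(p, p.publicEndTime);
        inclusiveAtEnd = priceInclusive(p, p.publicEndTime);
    }
}
```

With the constructed sample, `demo()` shows the strict version falling back to the base `collectionMintCost` at the final second of the sale while the inclusive version returns the time-adjusted price. A boundary test at `publicEndTime - 1`, `publicEndTime` and `publicEndTime + 1` catches this class of mismatch.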