Sales Model 3 Includes Airdrops tokens to get price instead of just Minted tokens #246
Labels
- 2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
- bug: Something isn't working
- duplicate-381
- edited-by-warden
- satisfactory: satisfies C4 submission criteria; eligible for awards
- sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
- sufficient quality report: This report is of sufficient quality
Lines of code
https://github.com/code-423n4/2023-10-nextgen/blob/ff8cfc5529ee4a567e1ce1533b4651d6626d1def/smart-contracts/MinterContract.sol#L536
Vulnerability details
Impact
Users will have to pay more than usual when minting from a collection that utilizes the Period Model and has a rate set.
Proof of Concept
For sales model 3, the protocol wants the price to increase as minting increases when a rate is set.
https://seize-io.gitbook.io/nextgen/nextgen-smart-contracts/minter
To achieve this, the code is implemented as shown below:
https://github.com/code-423n4/2023-10-nextgen/blob/ff8cfc5529ee4a567e1ce1533b4651d6626d1def/smart-contracts/MinterContract.sol#L535-L536
However, instead of considering only the tokens that were actually minted, the calculation uses the entire circulationSupply, which includes the airdropped tokens. This oversight makes the price users pay when minting higher than it is supposed to be.
Proof that circulationSupply includes airdrops:
https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/NextGenCore.sol#L180
Add this PoC to the nextGen.test.js file.
Output
Tools Used
Manual report and Hardhat.
Recommended Mitigation Steps
Exclude airdropped tokens from the calculation, as the documentation explicitly specifies that the increase should solely be determined by minted tokens.
To implement this, you can maintain a record of the total airdropped token quantity and deduct that amount from the circulation supply.
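To make the overpayment concrete, the following is an added Python model of the pricing rule and of the mitigation above; it is not the project's code. The formula `mintCost + (mintCost / rate) * supply` is an assumption about the linked getPrice line, and the field and function names are constructed for the illustration.

```python
# Constructed model of NextGen sales model 3 pricing (not the project's code).
# Assumed formula for the linked line: price = mintCost + (mintCost / rate) * supply,
# where "supply" is the collection's circulation supply.
from dataclasses import dataclass


@dataclass
class Collection:
    mint_cost: int            # base mint cost in wei
    rate: int                 # sales-model-3 rate; 0 disables the increase
    circulation_supply: int = 0   # incremented by BOTH mint and airdrop (NextGenCore)
    airdropped: int = 0           # mitigation: separate record of airdropped tokens

    def airdrop(self, n: int = 1) -> None:
        # airDropTokens bumps circulation supply just like a mint does
        self.circulation_supply += n
        self.airdropped += n

    def mint(self, n: int = 1) -> None:
        self.circulation_supply += n

    def price_as_reported(self) -> int:
        # Uses the whole circulation supply, so airdrops raise the price too.
        if self.rate == 0:
            return self.mint_cost
        return self.mint_cost + (self.mint_cost // self.rate) * self.circulation_supply

    def price_mitigated(self) -> int:
        # Deduct airdropped tokens so only minted tokens drive the increase.
        if self.rate == 0:
            return self.mint_cost
        minted = self.circulation_supply - self.airdropped
        return self.mint_cost + (self.mint_cost // self.rate) * minted


def overpayment(c: Collection) -> int:
    """Wei a minter pays beyond the documented price at the current supply."""
    return c.price_as_reported() - c.price_mitigated()


def scenario() -> tuple[int, int, int]:
    # Constructed numbers: 1 ether base cost, rate 10, 50 airdrops, then 5 mints.
    c = Collection(mint_cost=10**18, rate=10)
    c.airdrop(50)
    c.mint(5)
    return c.price_as_reported(), c.price_mitigated(), overpayment(c)
```

With a rate of 0 both paths return the base cost, so the discrepancy only appears for collections that set a rate, matching the Impact section.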
Assessed type
Math