-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Multiple mints can brick any form of salesOption
3 mintings
#380
Comments
141345 marked the issue as sufficient quality report |
a2rocket (sponsor) confirmed |
alex-ppg marked the issue as duplicate of #2012 |
alex-ppg marked the issue as selected for report |
The Warden's submission was selected as the best given that it illustrates the problem by citing the relevant documentation of the project, contains a valid PoC, and acknowledges the difficulty in rectifying this issue. While the submission has under-estimated the issue's severity, the relevant high-severity issues (#2012, #1123, #939, #632, #631, #89) were not of sufficient quality and the best candidate (#1123) minimizes the issue's applicability and does not advise a proper recommendation either. To alleviate the issue, the Sponsor is advised to implement a "start date" for the periodic sales that is reconfigured whenever a periodic sale is re-instated. This would permit the |
alex-ppg marked the issue as satisfactory |
alex-ppg changed the severity to 3 (High Risk) |
Lines of code
https://github.com/code-423n4/2023-10-nextgen/blob/main/smart-contracts/MinterContract.sol#L252
Vulnerability details
Impact
As explained by the sponsor, some collections might want to conduct multiple mints on different days. However, due to the way
salesOption
3 works, these multiple mints might encounter issues.Proof of Concept
A collection has completed its first mint, where it minted 500 NFTs. However, the collection consists of 1000 NFTs, so the owner plans to schedule another mint, this time using sales option 3.
allowlistStartTime
allowlistEndTime
publicStartTime
publicEndTime
timePeriod
The first user's mint will proceed smoothly since
timeOfLastMint
falls within the previous mint period. However, the second user's mint will fail. The same applies to all other whitelisted users. This issue arises due to the following block:This calculation extends the allowed time significantly, granting the second minter an allowed time of
allowlistStartTime + 1 min * (500-1) = allowlistStartTime + 499 min
, which is equivalent to 8 hours and 19 minutes afterallowlistStartTime
. This enables the second user to mint at 12:19 AM, long after the whitelist has ended and in the middle of the public sale. And if anyone tries to mint his call will revert withunderflow
error, astimeOfLastMint
>block.timestamp
.It's worth noting that some collections may disrupt the whitelist, while others could brick the entire mint process, especially if there are more minted NFTs or a longer minting period.
POC
Gits - https://gist.github.com/0x3b33/677f86f30603dfa213541cf764bbc0e8
Add to remappings -
contracts/=smart-contracts/
Run it with
forge test --match-test test_multipleMints --lib-paths ../smart-contracts
Tools Used
Manual review.
Recommended Mitigation Steps
For this fix I am unable to give any suggestion as big parts of the protocol need to be re-done. I can only point out the root cause of the problem, which is
(gencore.viewCirSupply(col) - 1)
in the snippet below.Assessed type
Error
The text was updated successfully, but these errors were encountered: