-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
If an airdrop happens before a mint the price could skyrocket #381
Comments
141345 marked the issue as duplicate of #643 |
alex-ppg marked the issue as not a duplicate |
alex-ppg marked the issue as duplicate of #881 |
alex-ppg marked the issue as not a duplicate |
alex-ppg marked the issue as duplicate of #246 |
alex-ppg marked the issue as selected for report |
alex-ppg marked the issue as satisfactory |
After further consideration, I have decided to merge several periodic mint-related findings into two separate categories:
The reasoning behind this change is that both rely on different aspects of the code and have different root causes. The former highlights a flaw in the I consider this submission to be of a lower severity than #380 correctly given that it can be rectified. Specifically, a A problem when selecting the best report in this submission is that all Warden submissions make mention of "airdropped" tokens and fail to identify that the general circulating supply affects the price in their proposed remediation, such as #380. I have thus chosen this report as the best given that it cites the relevant documentation, contains a privately accessible valid PoC, and provides a basic representation of the pricing formula using mathematical notation to illustrate the problem. |
Hi @alex-ppg, here is why I believe this issue (and its duplicates) should be marked as a duplicate of #380 but with a partial grading.
Thank you for taking the time to read this. |
Hey @mcgrathcoutinho, thanks for contributing! The root cause is not the presence of the circulating supply, it is the incorrect price calculation of a sale model 3. While it may make sense to carry over sale model 3 sales across different periods, it does not make sense to carry over mint restrictions. For example:
To fix this:
A fix for #380 does not fix #381 and vice versa. Both concern different parts of the code and require different alleviations. Arguing that #381 is not possible due to #380 existing in the codebase is not valid reasoning; each submission is treated as a "black box" independently assuming that all other code works as intended. Based on the above, I will maintain these submissions as separate. |
Lines of code
https://github.com/code-423n4/2023-10-nextgen/blob/main/smart-contracts/MinterContract.sol#L536
Vulnerability details
Impact
As explained by the docs, several steps can occur during the minting process. However, an airdrop before
salesOption
3 can lead to price inflation.Proof of Concept
Under
salesOption
3, getPrice returns:This is the increased rate based on the NFTs already in circulation. If an airdrop occurs before a mint with
salesOption
3, the price will be much higher than intended.Example:
With the current three steps, after the airdrop,
salesOption
3 should start at 1 ETH and gradually increase to 2 ETH. Afterward, it should mint at a constant rate of 2 ETH.However, when sales option 3 starts, getPrice will return 3 ETH instead of 1 ETH. This will cause the initial users to pay an inflated price, which was not intended by the owner and can harm their reputation. It's also unfair to the users, as these so-called special (whitelisted) users will pay increased prices.
POC
Gist - https://gist.github.com/0x3b33/558b919a57101e7a0942e557a464078a
Add to remappings -
contracts/=smart-contracts/
Run it with
forge test --match-test test_airdrop --lib-paths ../smart-contracts
Tools Used
Manual review.
Recommended Mitigation Steps
You can implement a mapping with the airdropped NFTs and deduct this value from
gencore.viewCirSupply(_collectionId)
to avoid disrupting the minting process.Assessed type
Error
The text was updated successfully, but these errors were encountered: