User may get a bad price when minting in a Descending Sale #438
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
duplicate-1275
edited-by-warden
partial-50: Incomplete articulation of vulnerability; eligible for partial credit only (50%)
Lines of code
https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/MinterContract.sol#L540
Vulnerability details
Impact
At each time period of a Descending Sale, the minting cost decreases exponentially or linearly until it reaches its resting price (ending minting cost) and stays there until the end of the minting phase. However, a user may get a price at collectionMintCost (starting price) when minting in a Descending Sale if the token is minted at the end of the sale period.
Proof of Concept
A user can mint a collection item during the public sale period:
When getting the minting price of a collection, the protocol will first check salesOption; if salesOption is 2 (Descending Sale), then the protocol compares block.timestamp with publicEndTime.
Only if block.timestamp is less than publicEndTime will the protocol calculate the minting price based on the Descending Sale Model:
If block.timestamp is equal to publicEndTime, the minting price will be collectionMintCost, which would be much higher than collectionEndMintCost:
Please see the test case below and run it in nextGen.test.js:
It may not seem like a high chance that the token is minted at publicEndTime; however, it's still likely to happen if the collection is very popular and many users want to buy it.
Tools Used
Manual Review
Recommended Mitigation Steps
The protocol should calculate the minting price based on the Descending Sale Model when block.timestamp is less than or equal to publicEndTime:
Assessed type
Context
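
The boundary condition this report describes, as an added example that is not part of the original report or the NextGen code base: a simplified linear-decrease model comparing the strict `<` check with the recommended `<=` check. The names startTime, timePeriod and rate, and all sample values, are assumptions made for the illustration.

```javascript
// Simplified model of the end-of-sale boundary (added example; not the
// NextGen contract code). startTime, timePeriod and rate are assumed names;
// all sample values are constructed.
const sale = {
  salesOption: 2,                // 2 = Descending Sale
  collectionMintCost: 4000n,     // starting price (constructed units)
  collectionEndMintCost: 1000n,  // resting price
  rate: 500n,                    // linear decrease per period (assumed)
  timePeriod: 600n,              // seconds per period (assumed)
  startTime: 1_000_000n,         // assumed sale start
  publicEndTime: 1_006_000n,     // 10 periods after the start
};

// Linear descending price, floored at the resting price.
function descendingPrice(s, now) {
  const periods = (now - s.startTime) / s.timePeriod; // BigInt division truncates
  const drop = periods * s.rate;
  const maxDrop = s.collectionMintCost - s.collectionEndMintCost;
  return drop < maxDrop ? s.collectionMintCost - drop : s.collectionEndMintCost;
}

// inclusiveEnd = false: the strict `<` comparison the report describes.
// inclusiveEnd = true:  the recommended `<=` comparison.
function getPrice(s, now, inclusiveEnd) {
  const beforeEnd = inclusiveEnd ? now <= s.publicEndTime : now < s.publicEndTime;
  if (s.salesOption === 2 && now > s.startTime && beforeEnd) {
    return descendingPrice(s, now);
  }
  return s.collectionMintCost; // fallback branch: fixed (starting) price
}

// Prices one second before the end and exactly at the end, under both checks.
function boundaryReport(s) {
  const end = s.publicEndTime;
  return {
    justBefore: getPrice(s, end - 1n, false),
    atEndStrict: getPrice(s, end, false),
    atEndInclusive: getPrice(s, end, true),
  };
}

console.log(boundaryReport(sale));
```

A regression test for the fix should pin the block timestamp to exactly publicEndTime, since every other timestamp in the sale window returns the same price under both comparisons.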