There is no min/max (uint property) bound on the setCollectionCosts function properties. #554
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
duplicate-1831
unsatisfactory: does not satisfy C4 submission criteria; not eligible for awards
Lines of code
https://github.com/code-423n4/2023-10-nextgen/blob/main/smart-contracts/MinterContract.sol#L157
Vulnerability details
Proof of Concept
There is no min/max bound on collectionMintCost, collectionEndMintCost, rate, or timePeriod.
If collectionEndMintCost is greater than collectionMintCost (as there is no check), then collectionPhases[_collectionId].collectionMintCost - collectionPhases[_collectionId].collectionEndMintCost (getPrice function line) will underflow.
If rate is greater than collectionMintCost (as there is no check), then collectionPhases[_collectionId].collectionMintCost / collectionPhases[_collectionId].rate (getPrice function line) will return the value 0. This will cause a lower minting cost.
price = collectionPhases[_collectionId].collectionMintCost - (tDiff * collectionPhases[_collectionId].rate); this will underflow.
There is also no check of salesOption (it must be less than 4 and greater than 0) or delAddress (it must not be address(0)).
Impact
Precision loss and underflow (this will create a DoS) may occur.
Tools Used
Manual review
Recommended Mitigation Steps
Validate all those properties correctly.
Assessed type
Invalid Validation
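The validation recommended above, sketched as an added example (not code from the NextGen repository or from the report's author): a stand-alone setter that enforces the bounds the report names, and a price read that relies on them. The struct layout, error names, the linearPrice helper and its clamping are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration, not the NextGen MinterContract. Field names follow the
// report; the struct layout, errors and clamping logic are assumptions.
contract CollectionCostsValidated {
    struct Costs {
        uint256 collectionMintCost;
        uint256 collectionEndMintCost;
        uint256 rate;
        uint256 timePeriod; // the report names no concrete bound, so none is enforced
        uint8 salesOption;
        address delAddress;
    }

    error EndCostAboveMintCost(uint256 mintCost, uint256 endCost);
    error RateAboveMintCost(uint256 mintCost, uint256 rate);
    error InvalidSalesOption(uint8 salesOption);
    error ZeroDelAddress();

    mapping(uint256 => Costs) public collectionPhases;

    // Access control is omitted; a real setter would be admin-only.
    function setCollectionCosts(uint256 _collectionId, Costs calldata c) external {
        if (c.collectionEndMintCost > c.collectionMintCost)
            revert EndCostAboveMintCost(c.collectionMintCost, c.collectionEndMintCost);
        if (c.rate > c.collectionMintCost)
            revert RateAboveMintCost(c.collectionMintCost, c.rate);
        if (c.salesOption == 0 || c.salesOption >= 4)
            revert InvalidSalesOption(c.salesOption);
        if (c.delAddress == address(0)) revert ZeroDelAddress();
        collectionPhases[_collectionId] = c;
    }

    // Linear decay written so it cannot revert once the checks above have passed.
    function linearPrice(uint256 _collectionId, uint256 tDiff) external view returns (uint256) {
        Costs storage c = collectionPhases[_collectionId];
        // Safe: the setter guarantees collectionEndMintCost <= collectionMintCost.
        uint256 span = c.collectionMintCost - c.collectionEndMintCost;
        // Clamp to the end cost instead of letting tDiff * rate exceed the span.
        if (c.rate != 0 && tDiff > span / c.rate) return c.collectionEndMintCost;
        return c.collectionMintCost - tDiff * c.rate;
    }
}
```

Under Solidity 0.8 checked arithmetic an underflow reverts rather than wraps, which is why rejecting inconsistent parameters at write time keeps the price read from becoming a denial of service.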