
Can not make sure 1 mint/period when mint at saleoption 3 #688

Closed
c4-submissions opened this issue Nov 9, 2023 · 7 comments
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
primary issue: Highest quality submission among a set of duplicates
sponsor disputed: Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
sufficient quality report: This report is of sufficient quality
unsatisfactory: does not satisfy C4 submission criteria; not eligible for awards

Comments

@c4-submissions

Lines of code

https://github.com/code-423n4/2023-10-nextgen/blob/2467db02cc446374ab9154dde98f7e931d71584d/smart-contracts/MinterContract.sol#L252

Vulnerability details

Impact

The contract cannot enforce 1 mint/period when minting at sales option 3. If no user mints at the start of the mint, a user is able to mint multiple NFTs in one period, which breaks the limit of 1 mint/period.

Proof of Concept

In the function mint, if the option is 3, there is a limit of 1 mint/period. The issue is that if no user mints at the start time, lastMintDate is set to the start of the auction, which allows a user to mint multiple NFTs in one period.
PoC:

```javascript
const {
  loadFixture,
} = require("@nomicfoundation/hardhat-toolbox/network-helpers")
const { expect } = require("chai")
const { ethers } = require("hardhat")
const fixturesDeployment = require("../scripts/fixturesDeployment.js")

let signers
let contracts

describe("NextGen Tests", function () {
  before(async function () {
    ;({signers, contracts} = await loadFixture(fixturesDeployment))
  })

  //:issue8 poc can not make sure "1 mint/period"
  context("mint multiAtOnePeriod at start in phase3 ", () => {

    it.only("#mint multiAtOnePeriod", async function () {
      await setEnviorment();

      const lastMintDate1 = await contracts.hhMinter.lastMintDate(3);
      console.log("lastMintDate1", lastMintDate1.toString());
      console.log("-----minting 1st token----");
      await contracts.hhMinter.mint(
          3, // _collectionID
          1, // _numberOfTokens
          0, // _maxAllowance
          '{"tdh": "100"}', // _tokenData
          signers.addr1.address, // _mintTo
          ["0x8e3c1713145650ce646f7eccd42c4541ecee8f07040fc1ac36fe071bbfebb870"], // _merkleRoot
          signers.addr1.address, // _delegator
          2, //_varg0
          { value: await contracts.hhMinter.getPrice(3) }
      )

      const lastMintDate2 = await contracts.hhMinter.lastMintDate(3);
      console.log("lastMintDate2", lastMintDate2.toString());
      console.log("-----minting 2st token----");
      await contracts.hhMinter.mint(
          3, // _collectionID
          1, // _numberOfTokens
          0, // _maxAllowance
          '{"tdh": "100"}', // _tokenData
          signers.addr1.address, // _mintTo
          ["0x8e3c1713145650ce646f7eccd42c4541ecee8f07040fc1ac36fe071bbfebb870"], // _merkleRoot
          signers.addr1.address, // _delegator
          2, //_varg0
          { value: await contracts.hhMinter.getPrice(3) }
      )

      const lastMintDate3 = await contracts.hhMinter.lastMintDate(3);
      console.log("lastMintDate3", lastMintDate3.toString());
      console.log("-----minting 3st token----");
      await contracts.hhMinter.mint(
          3, // _collectionID
          1, // _numberOfTokens
          0, // _maxAllowance
          '{"tdh": "100"}', // _tokenData
          signers.addr1.address, // _mintTo
          ["0x8e3c1713145650ce646f7eccd42c4541ecee8f07040fc1ac36fe071bbfebb870"], // _merkleRoot
          signers.addr1.address, // _delegator
          2, //_varg0
          { value: await contracts.hhMinter.getPrice(3) }
      )

      const lastMintDate4 = await contracts.hhMinter.lastMintDate(3);
      console.log("lastMintDate4", lastMintDate4.toString());
      console.log("-----minting 4st token----");
      await contracts.hhMinter.mint(
          3, // _collectionID
          1, // _numberOfTokens
          0, // _maxAllowance
          '{"tdh": "100"}', // _tokenData
          signers.addr1.address, // _mintTo
          ["0x8e3c1713145650ce646f7eccd42c4541ecee8f07040fc1ac36fe071bbfebb870"], // _merkleRoot
          signers.addr1.address, // _delegator
          2, //_varg0
          { value: await contracts.hhMinter.getPrice(3) }
      )

    })
  })

  // Creates three collections, registers addr1 as admin, configures
  // collection 3 with sales option 3 and a 200-second period, and opens
  // all phases at the same timestamp.
  async function setEnviorment() {

    await contracts.hhCore.createCollection(
        "Test Collection 1",
        "Artist 1",
        "For testing",
        "www.test.com",
        "CCO",
        "https://ipfs.io/ipfs/hash/",
        "",
        ["desc"],
    )

    await contracts.hhCore.createCollection(
        "Test Collection 2",
        "Artist 2",
        "For testing",
        "www.test.com",
        "CCO",
        "https://ipfs.io/ipfs/hash/",
        "",
        ["desc"],
    )

    await contracts.hhCore.createCollection(
        "Test Collection 3",
        "Artist 3",
        "For testing",
        "www.test.com",
        "CCO",
        "https://ipfs.io/ipfs/hash/",
        "",
        ["desc"],
    )

    await contracts.hhAdmin.registerCollectionAdmin(
        1,
        signers.addr1.address,
        true,
    )

    await contracts.hhAdmin.registerCollectionAdmin(
        3,
        signers.addr1.address,
        true,
    )

    await contracts.hhCore.setCollectionData(
        3, // _collectionID
        signers.addr1.address, // _collectionArtistAddress
        10, // _maxCollectionPurchases
        100, // _collectionTotalSupply
        1000, // _setFinalSupplyTimeAfterMint
    )

    await contracts.hhCore.addMinterContract(
        contracts.hhMinter,
    )

    await contracts.hhCore.addRandomizer(
        3, contracts.hhRandomizer,
    )

    await contracts.hhMinter.setCollectionCosts(
        3, // _collectionID
        BigInt(1000000000000000000), // _collectionMintCost 1 eth
        0, // _collectionEndMintCost
        10, // _rate
        200, // _timePeriod
        3, // _salesOptions
        '0xD7ACd2a9FD159E69Bb102A1ca21C9a3e3A5F771B', // delAddress
    )

    await contracts.hhMinter.setCollectionPhases(
        3, // _collectionID
        1698136970, // _allowlistStartTime
        1698136970, // _allowlistEndTime
        1698136970, // _publicStartTime
        1796931278, // _publicEndTime
        "0x8e3c1713145650ce646f7eccd42c4541ecee8f07040fc1ac36fe071bbfebb870", // _merkleRoot
    )

  }

})
```

Log output; notice this PoC doesn't change the time, so these NFTs are minted at the same time:

```
  NextGen Tests
    mint multiAtOnePeriod at start in phase3
lastMintDate1 0
-----minting 1st token----
lastMintDate2 1698136970
-----minting 2st token----
lastMintDate3 1698137170
-----minting 3st token----
lastMintDate4 1698137370
-----minting 4st token----
       #mint multiAtOnePeriod (445ms)
```

Tools Used

hardhat

Recommended Mitigation Steps

Consider modifying this line:

```solidity
lastMintDate[col] = collectionPhases[col].allowlistStartTime + (collectionPhases[col].timePeriod * (gencore.viewCirSupply(col) - 1));
```

and comparing lastMintDate[col] with the current time.

Assessed type

Timing

@c4-submissions c4-submissions added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Nov 9, 2023
c4-submissions added a commit that referenced this issue Nov 9, 2023
@c4-pre-sort

141345 marked the issue as sufficient quality report

@c4-pre-sort c4-pre-sort added the sufficient quality report This report is of sufficient quality label Nov 16, 2023
@c4-pre-sort

141345 marked the issue as primary issue

@c4-pre-sort c4-pre-sort added the primary issue Highest quality submission among a set of duplicates label Nov 17, 2023
@c4-sponsor

a2rocket (sponsor) disputed

@c4-sponsor c4-sponsor added the sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue label Nov 23, 2023
@a2rocket

From docs:

Let's assume that the minting sale starts at 24/07/2023 14:00. The first minting takes place at 24/07/2023 14:03. Users will be able to mint again after the time period has elapsed, so after 24/07/2023 14:10. In case they try to mint prior to that time their transaction will be reverted.
Any unminted tokens from previous periods are transferred for minting in upcoming periods, e.g. in the above case if no one was minting during the first period a user is able to mint 2 tokens during the 2nd period. Please note that as the max number of tokens to mint must be 1, in order to mint the 2 tokens it needs to execute 2 different transactions.

@alex-ppg

alex-ppg commented Dec 6, 2023

The Warden specifies that it is possible to mint more than one token in a single period of a periodic sale.

As the Sponsor correctly cites, the documentation of NextGen permits this and the one-per-period restriction refers to an "allowance" rather than a true restriction. In detail, one-per-period allowances are meant to accumulate permitting a user to f.e. ignore period 1 and period 2 while minting three tokens in period 3. As such, I consider the submission invalid as it describes the project's intended operation.

@c4-judge c4-judge closed this as completed Dec 6, 2023
@c4-judge c4-judge added the unsatisfactory does not satisfy C4 submission criteria; not eligible for awards label Dec 6, 2023
@c4-judge

c4-judge commented Dec 6, 2023

alex-ppg marked the issue as unsatisfactory:
Invalid

@c4-judge

c4-judge commented Dec 9, 2023

alex-ppg marked the issue as unsatisfactory:
Invalid
