PerpetualMintInternal::_setCollectionMintMultiplier() and PerpetualMintInternal::_setCollectionRisk() enforce that there are no pending mints. However, some mint attempts may fail for a variety of reasons: even if the issues mentioned in this report are fixed, attackers may still perform gas bomb attacks when receiving ETH and revert the VRF callbacks.
Recommendation
Consider adding functions to forcefully remove pending VRF requests that have reverted.
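
One way to implement this recommendation, as an added sketch that is not code from the audited project: the contract name, storage layout, `STALE_AFTER` grace period and all function names are assumptions. It tracks pending VRF requests per collection and lets the owner clear a stale one, so the setters' no-pending-mints check can pass again.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical sketch, not PerpetualMint code: every name here is an assumption.
abstract contract PendingRequestRegistry {
    struct Request { address collection; uint64 createdAt; }

    uint256 public constant STALE_AFTER = 1 days; // assumed grace period
    address public immutable owner;
    mapping(uint256 => Request) public requests;     // requestId => open request
    mapping(address => uint256) public pendingCount; // collection => open requests

    event RequestForceRemoved(uint256 indexed requestId, address indexed collection);
    error NotOwner();
    error UnknownRequest();
    error NotStaleYet();
    error PendingRequests();

    constructor() { owner = msg.sender; }

    // Record a VRF request when a mint attempt is made.
    function _track(uint256 requestId, address collection) internal {
        requests[requestId] = Request(collection, uint64(block.timestamp));
        ++pendingCount[collection];
    }

    // Clear a request. The VRF callback calls this first, so a fulfillment that
    // arrives after a forced removal reverts instead of minting under new settings.
    function _clear(uint256 requestId) internal returns (address collection) {
        collection = requests[requestId].collection;
        if (collection == address(0)) revert UnknownRequest();
        delete requests[requestId];
        --pendingCount[collection];
    }

    // Owner-only escape hatch for requests whose callback reverted.
    function forceRemoveRequest(uint256 requestId) external {
        if (msg.sender != owner) revert NotOwner();
        uint64 createdAt = requests[requestId].createdAt;
        if (createdAt == 0) revert UnknownRequest();
        if (block.timestamp < createdAt + STALE_AFTER) revert NotStaleYet();
        emit RequestForceRemoved(requestId, _clear(requestId));
    }

    // Guard for the multiplier and risk setters.
    function _enforceNoPendingMints(address collection) internal view {
        if (pendingCount[collection] != 0) revert PendingRequests();
    }
}
```

The sketch does not handle the mint payment tied to a removed request; an implementation has to decide how that is settled.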