Handle
0xRajeev
Vulnerability details
Impact
TOKEN_LIMIT is initialized to 30 instead of the 22k indicated in the code comment. This appears to be a test parameterization mistakenly carried over for deployment. Unless this is changed, the contract will only allow 30 NFTs to be minted.
Proof of Concept
https://github.com/code-423n4/2021-04-redacted/blob/2ec4ce8e98374be2048126485ad8ddacc2d36d2f/Beebots.sol#L117
https://github.com/code-423n4/2021-04-redacted/blob/2ec4ce8e98374be2048126485ad8ddacc2d36d2f/Beebots.sol#L394
Tools Used
Manual Analysis
Recommended Mitigation Steps
Change to “uint public constant TOKEN_LIMIT = 22000;” on L117
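A pre-deployment check for this class of mistake, given here as an added example that is not part of the original report or the project's code: it flags unsigned integer constants whose literal value disagrees with the number stated in the trailing comment on the same line. The Solidity lines in `SAMPLE` are constructed for illustration, and the check assumes the intended value appears in a `//` comment as a plain number with an optional `k` or `m` suffix.

```python
import re

# Matches: uintN [visibility] constant NAME = <decimal literal>; // comment
CONST_RE = re.compile(
    r"\buint\d*\s+(?:public\s+|private\s+|internal\s+)?constant\s+"
    r"(?P<name>\w+)\s*=\s*(?P<value>[\d_]+)\s*;\s*//(?P<comment>.*)$"
)
# Numbers in comments such as "22000", "22,000", "22k", "1.5m"
NUM_RE = re.compile(r"(?<![\w.])(\d[\d,]*(?:\.\d+)?)([kKmM])?\b")
SCALE = {"k": 1_000, "m": 1_000_000}


def comment_numbers(comment):
    """Return every integer a comment mentions, expanding k/m suffixes."""
    found = []
    for digits, suffix in NUM_RE.findall(comment):
        value = float(digits.replace(",", ""))
        if suffix:
            value *= SCALE[suffix.lower()]
        found.append(int(value))
    return found


def find_mismatches(source):
    """Return (line_no, name, declared, documented) where constant != comment."""
    out = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        m = CONST_RE.search(line)
        if not m:
            continue  # not a commented uint constant with a decimal literal
        declared = int(m.group("value").replace("_", ""))
        documented = comment_numbers(m.group("comment"))
        if documented and declared not in documented:
            out.append((line_no, m.group("name"), declared, documented))
    return out


# Constructed sample input, not the audited contract's source.
SAMPLE = """\
contract Example {
    uint public constant TOKEN_LIMIT = 30; // limit is 22k
    uint public constant SALE_LIMIT = 9000; // 9,000 tokens for sale
    uint internal constant nonce = 7;
}
"""

if __name__ == "__main__":
    for line_no, name, declared, documented in find_mismatches(SAMPLE):
        print(f"line {line_no}: {name} = {declared}, comment says {documented}")
```

Run as a CI step before deployment, a non-empty result from `find_mismatches` can fail the build so that a test value cannot ship unnoticed.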