Handle
0xRajeev
Vulnerability details
Impact
SALE_LIMIT is initialized to 20 instead of the ~9k indicated in the code comment; this appears to be a test parameterization mistakenly carried over to deployment. Unless it is changed, the contract will only allow 20 NFTs to be sold in the public sale.
Proof of Concept
https://github.com/code-423n4/2021-04-redacted/blob/2ec4ce8e98374be2048126485ad8ddacc2d36d2f/Beebots.sol#L118
https://github.com/code-423n4/2021-04-redacted/blob/2ec4ce8e98374be2048126485ad8ddacc2d36d2f/Beebots.sol#L381
Tools Used
Manual Analysis
Recommended Mitigation Steps
Change to "uint public constant SALE_LIMIT = 9000;" on L118
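The following is an added illustration written for this note, not code from Beebots.sol or the Redacted project. It shows the vulnerable constant beside the recommended one inside a minimal public-sale mint guarded by SALE_LIMIT, plus a Foundry-style deployment sanity test that fails when a test-sized value is left in the constant. The contract name, the PRICE value, the per-transaction cap, and the forge-std dependency are all assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Example contract (hypothetical, not Beebots.sol): a public sale whose
// supply cap comes from a compile-time constant.
contract SaleLimitExample {
    // Vulnerable form: a test parameter carried over to deployment.
    // With this value the public sale stops after 20 NFTs.
    // uint public constant SALE_LIMIT = 20;

    // Corrected form, as recommended in the finding.
    uint public constant SALE_LIMIT = 9000;

    // Assumed values for the example; not taken from the page.
    uint public constant PRICE = 0.05 ether;
    uint public constant MAX_PER_TX = 20;

    uint public totalSupply;

    function mint(uint count) external payable {
        require(count > 0 && count <= MAX_PER_TX, "bad count");
        // This is the check that SALE_LIMIT feeds: a limit of 20 means
        // the second purchase of 20 (or any purchase past 20) reverts.
        require(totalSupply + count <= SALE_LIMIT, "sale limit reached");
        require(msg.value == count * PRICE, "wrong payment");
        totalSupply += count;
        // Token issuance omitted; only the cap logic is shown.
    }
}

// Deployment sanity test (Foundry style; forge-std is an assumed dependency).
// A test like this catches a test-sized constant before it ships: it
// compares the compiled constant against the value the spec promises.
import "forge-std/Test.sol";

contract SaleLimitTest is Test {
    uint constant EXPECTED_SALE_LIMIT = 9000; // value from the code comment / spec

    function testSaleLimitMatchesSpec() public {
        SaleLimitExample sale = new SaleLimitExample();
        assertEq(sale.SALE_LIMIT(), EXPECTED_SALE_LIMIT);
    }

    function testMintingBeyondTwentyIsAllowed() public {
        SaleLimitExample sale = new SaleLimitExample();
        // With the corrected limit, two full-size purchases succeed;
        // with SALE_LIMIT = 20 the second call would revert.
        sale.mint{value: 20 * sale.PRICE()}(20);
        sale.mint{value: 20 * sale.PRICE()}(20);
        assertEq(sale.totalSupply(), 40);
    }
}
```

Running the test suite against a build with SALE_LIMIT = 20 makes both tests fail, which is the signal that a test parameterization has leaked into the deployment build.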