ghost
commented
2 years ago My issue here https://github.com/code-423n4/2022-08-foundation-findings/issues/59 with a proof of concept test in foundry but I disagree with severity as there are no loss of funds.
There are also too many dups for this issue so I won't list all of them down. Please check the de-dupe tool shared by kartoonjoy.
HardlyDifficult
Lines of code
https://github.com/code-423n4/2022-08-foundation/blob/792e00df429b0df9ee5d909a0a5a6e72bd07cf79/contracts/mixins/nftDropMarket/NFTDropMarketFixedPriceSale.sol#L183
Vulnerability details
[PNM-001]
saleConfig.limitPerAccountcan be overridenLinks
Description
The contract NFTDropMarketFix implements a limit on the amount of NFTs that an account can mint with the function
mintFromFixedPriceScale. This is done via a comparison of thebalanceOf()of an account and thesaleConfig.limitPerAccount. However, this check can be bypassed by account holders transferring the NFTs to other accounts offchain, causing thebalanceOf()the account to decrease, thus allowing the account to potentially buy more than thesaleConfig.limitPerAccount.PoC / Attack Scenario
mintFromFixedPriceScalewith thecountparameter equal to thesaleConfig.limitPerAccount.transfercalls.balanceOf()Alice decreases from the previous action.mintFromFixedPriceScaleagain with a non-zero count, to gain more NFTs.saleConfig.limitPerAccount.Suggested Fix
Consider creating an
availableMintvalue for every account, and whenmintFromFixedriceScaleis called, decrease the amount minted from theavailableMint.