Closed code423n4 closed 1 year ago
If the cost returns 0, it means the Legendary Auction interval has expired, and the intention is to be able to mint at a price of 0 (with no NFT IDs passed).
With the information I have available, VRGDA will go from start to end, if start is meant to go to 0, that's intended behaviour.
In this specific instance we can purchase a legendary gobbler for 0, this doesn't seem to create any issue.
If anything you'd expect people to purchase before this happens
Lines of code
https://github.com/code-423n4/2022-09-artgobblers/blob/d2087c5a8a6a4f1b9784520e7fe75afa3a9cbdbe/src/ArtGobblers.sol#L411-L420
Vulnerability details
Impact
The function mintLegendaryGobbler can be called without any gobblerIds as well.
Proof of Concept
https://github.com/code-423n4/2022-09-artgobblers/blob/d2087c5a8a6a4f1b9784520e7fe75afa3a9cbdbe/src/ArtGobblers.sol#L411-L471.
To mint the legendary gobbler in the function mintLegendaryGobbler, the line ArtGobblers.sol#L418 calculates the cost.
uint256 cost = legendaryGobblerPrice();
The cost could be zero, when we look at the line https://github.com/code-423n4/2022-09-artgobblers/blob/d2087c5a8a6a4f1b9784520e7fe75afa3a9cbdbe/src/ArtGobblers.sol#L497 from function legendaryGobblerPrice.
If cost is zero, then the validation check in line https://github.com/code-423n4/2022-09-artgobblers/blob/d2087c5a8a6a4f1b9784520e7fe75afa3a9cbdbe/src/ArtGobblers.sol#L420 will not revert when gobblerIds is not passed. Technically the condition check could be if( 0 < 0 ) - this will return false so the revert will not be executed.
So, the user can call the function even without gobblerIds - https://github.com/code-423n4/2022-09-artgobblers/blob/d2087c5a8a6a4f1b9784520e7fe75afa3a9cbdbe/src/ArtGobblers.sol#L411 when the cost is zero.
Tools Used
Manual code review - VS code
Recommended Mitigation Steps
Validating the cost or checking the gobblerIds is suggested.
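An added example, not part of the report or of the ArtGobblers code: a small Python model of the length check discussed above, run across a price that decays to 0, next to a variant that also rejects an empty ID list. The linear decay, the function and exception names, and the sample values (start price 4, interval 4) are assumptions made for illustration; note that the strict variant also disables the zero-cost mint that the comment above describes as intended.

```python
# Simplified model (constructed for illustration, not the ArtGobblers source).

class InsufficientGobblerAmount(Exception):
    """Hypothetical error: fewer IDs supplied than the current cost."""

class EmptyGobblerIds(Exception):
    """Hypothetical error used only by the strict variant."""

def legendary_price(start_price, interval, minted_since_start):
    # Assumption: price decays linearly from start_price to 0 over `interval`
    # mints, rounded up, and is 0 once the interval has expired.
    if minted_since_start >= interval:
        return 0
    remaining = interval - minted_since_start
    return (start_price * remaining + interval - 1) // interval

def check_as_reported(gobbler_ids, cost):
    # The check the report describes: revert only when len(ids) < cost.
    # With cost == 0 and no IDs this is "0 < 0", so nothing reverts.
    if len(gobbler_ids) < cost:
        raise InsufficientGobblerAmount(cost)
    return cost  # number of gobblers that would be burned

def check_strict(gobbler_ids, cost):
    # Variant following the report's suggestion: reject an empty ID list first.
    if len(gobbler_ids) == 0:
        raise EmptyGobblerIds()
    return check_as_reported(gobbler_ids, cost)

def passes(check, gobbler_ids, cost):
    try:
        check(gobbler_ids, cost)
        return True
    except (InsufficientGobblerAmount, EmptyGobblerIds):
        return False

def empty_mint_outcomes(start_price, interval):
    # For each step of the decay, record whether a call with NO gobbler IDs
    # passes the reported check and the strict check.
    rows = []
    for minted in range(interval + 1):
        cost = legendary_price(start_price, interval, minted)
        rows.append((minted, cost,
                     passes(check_as_reported, [], cost),
                     passes(check_strict, [], cost)))
    return rows

if __name__ == "__main__":
    for row in empty_mint_outcomes(start_price=4, interval=4):
        print("minted=%d cost=%d reported_passes=%s strict_passes=%s" % row)
```
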