Closed c4-submissions closed 10 months ago
141345 marked the issue as duplicate of #1189
141345 marked the issue as duplicate of #1763
141345 marked the issue as not a duplicate
141345 marked the issue as duplicate of #383
alex-ppg marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-10-nextgen/blob/main/smart-contracts/MinterContract.sol#L258-L272
https://github.com/code-423n4/2023-10-nextgen/blob/main/smart-contracts/MinterContract.sol#L326-L365
Vulnerability details
Description
Sales Mode 3 is when the contract allows only one mint per period of time. However, burnToMint and burnOrSwapExternalToMint allow a user to bypass this restriction, since these functions don't have a periodic sales check. This can be a problem since collections in this sales mode tend to have higher prices, since the circulation supply will be lower.
Proof of Concept
These functions don't have any periodic sales checks:
So, a user can burnToMint to mint more NFTs than are allowed per period of time, which allows him to utilize the higher prices that collections with lower circulation supply have.
Impact
Allows a user to bypass periodic minting, which allows him to enjoy the better prices of a new collection that has a low circulation supply.
burnToMint and burnOrSwapExternalToMint need to be set.
burnToMint can mint more tokens than unaware users or users that don't have tokens from other collections to burn.
Tools Used
Manual Review
Recommended Mitigation Steps
Add the sales option 3 checks.
Assessed type
Invalid Validation
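One way to apply the recommended mitigation, as an added sketch that is not code from the NextGen repository or from the report's author: a single internal check that every mint path calls before creating a token. The contract, all of its names, and the minimum-interval reading of "one mint per period" are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Simplified model, NOT the NextGen MinterContract: every name here is hypothetical.
// Access control and payment handling are left out to keep the check itself in focus.
contract PeriodicSaleModel {
    uint8 public constant PERIODIC_SALE = 3; // stands in for "Sales Mode 3"

    struct Sale {
        uint8 salesOption;  // 3 = one mint per period
        uint256 startTime;  // sale start (unix seconds)
        uint256 timePeriod; // minimum seconds between two mints
        uint256 lastMint;   // timestamp of the last accepted mint, 0 if none
    }

    mapping(uint256 => Sale) public sales;                     // collectionId => sale config
    mapping(uint256 => uint256) public minted;                 // collectionId => tokens minted
    mapping(uint256 => mapping(uint256 => bool)) public burned; // collectionId => tokenId => burned

    function setSale(uint256 col, uint8 option, uint256 start, uint256 period) external {
        require(period > 0, "period = 0");
        sales[col] = Sale(option, start, period, 0);
    }

    // Single choke point: every path that creates a token in `col` calls this first.
    function _enforcePeriodicSale(uint256 col, uint256 amount) internal {
        Sale storage s = sales[col];
        if (s.salesOption != PERIODIC_SALE) return; // other sales modes are not rate limited here
        require(amount == 1, "1 mint/period");
        require(block.timestamp >= s.startTime, "sale not started");
        require(s.lastMint == 0 || block.timestamp - s.lastMint >= s.timePeriod, "1 mint/period");
        s.lastMint = block.timestamp; // shared state, so all mint paths consume the same slot
    }

    function mint(uint256 col, uint256 amount) external {
        _enforcePeriodicSale(col, amount);
        minted[col] += amount;
    }

    // The burn-based path runs the same check against the collection being minted.
    function burnToMint(uint256 burnCol, uint256 tokenId, uint256 mintCol) external {
        require(!burned[burnCol][tokenId], "already burned");
        burned[burnCol][tokenId] = true;
        _enforcePeriodicSale(mintCol, 1);
        minted[mintCol] += 1;
    }
}
```

Because the last-mint timestamp lives in one place, a mint through either function blocks the other until the period has elapsed.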