c4-pre-sort
commented
10 months ago 141345 marked the issue as insufficient quality report
Closed c4-submissions closed 10 months ago
c4-pre-sort
commented
10 months ago 141345 marked the issue as insufficient quality report
c4-pre-sort
commented
10 months ago 141345 marked the issue as sufficient quality report
c4-sponsor
commented
10 months ago a2rocket (sponsor) disputed
a2rocket
commented
10 months ago as in all projects allowlist users have a specific period to time, allow them to mint after the allowlist phase ended its unfair for other participants on the public phase.
c4-judge
commented
10 months ago alex-ppg marked the issue as duplicate of #588
c4-judge
commented
9 months ago alex-ppg changed the severity to QA (Quality Assurance)
c4-judge
commented
9 months ago alex-ppg marked the issue as grade-c
Lines of code
https://github.com/code-423n4/2023-10-nextgen/tree/main/smart-contracts/MinterContract.sol#L172
Vulnerability details
Impact
The minting phases lack proper validation, which can lead to an unfair distribution of tokens. As the public phase is set to be unlimited in duration, the allowlist participants might not have a chance to mint their tokens if the public phase starts before allowlist phase without restriction. This could result in a situation where no tokens are left for the allowlist participants.
Proof of Concept
The root cause of the vulnerability is the lack of proper validation for minting phases, potentially allowing the public phase to start earlier than the allowlist phase.
Tools Used
Manual Review
Recommended Mitigation Steps
To address this issue, it is recommended to implement proper validation for the minting phases. This should include checking time period parameters to ensure that the allowlist phase starts before the public phase.
Assessed type
Invalid Validation