code-423n4 / 2024-05-munchables-findings


User gets no NFT from subsequent token locks when initial locked quantity is less than nft cost. #417

Closed howlbot-integration[bot] closed 3 months ago

howlbot-integration[bot] commented 3 months ago

Lines of code

https://github.com/code-423n4/2024-05-munchables/blob/57dff486c3cd905f21b330c2157fe23da2a4807d/src/managers/LockManager.sol#L380

Vulnerability details

Impact

User gets no NFT even if their accumulated quantity is up to nftcost

Proof of Concept

Consider the scenario:

NftCost is 1 ether. Alice locks 0.5 ether initially. According to the protocol's accounting, Alice gets no NFT, remainder=0 and lockedToken.quantity=0.5eth.

Alice locks 0.5 ether a second time.

        uint256 quantity = _quantity + lockedToken.remainder;

The above line adds the newly locked 0.5 eth to her remainder which is 0, causing the quantity to be less than 1 eth which is needed to get a munchable NFT.

The issue here is in the fact that if Alice had deposited 1.5 ether initially, her lockedToken.quantity would have been set to 1.5 ether and the outstanding 0.5 ether would have been added to the next deposit of 0.5 ether, causing her to get another munchable NFT. But in the first case her 0.5eth, which would have been stored as a remainder normally, is set as quantity and is not added to subsequent token locks, causing her to receive no NFTs despite both deposits.

Tools Used

Manual Review

Recommended Mitigation Steps

Add the Condition

        if (quantity < configuredToken.nftCost && remainder == 0) {
            // keep a sub-cost lock as the remainder so the next lock adds to it
            lockedToken.remainder = quantity;
            lockedToken.quantity = quantity;
        }

Assessed type

Math
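The scenario from the report, carried through in numbers with and without the recommended carry-over. This is an added example, not code from LockManager.sol or from the report's author. The `LockedToken` class and the `lock` and `run` helpers are hypothetical, and the rule that a lock below the NFT cost stores no remainder is an assumption taken from the report's description, not from the contract.

```python
from dataclasses import dataclass

ETHER = 10**18  # wei per ether, so amounts stay integers as in Solidity


@dataclass
class LockedToken:
    quantity: int = 0   # total amount locked so far
    remainder: int = 0  # amount carried into the next lock


def lock(state: LockedToken, amount: int, nft_cost: int, mitigated: bool) -> int:
    """Apply one lock and return the number of NFTs granted.

    Assumed model of the behaviour the report describes, not the contract:
    a lock below nft_cost stores no remainder unless `mitigated` is set.
    """
    quantity = amount + state.remainder  # the line quoted in the report
    nfts, remainder = 0, 0
    if quantity >= nft_cost:
        nfts, remainder = divmod(quantity, nft_cost)
    elif mitigated:
        # Carry-over from the recommended condition: a sub-cost amount
        # becomes the remainder instead of being dropped.
        remainder = quantity
    state.remainder = remainder
    state.quantity += amount  # the model keeps a running total of deposits
    return nfts


def run(deposits, nft_cost=ETHER, mitigated=False):
    """Replay a list of deposits (in wei); return NFTs per lock and final state."""
    state = LockedToken()
    granted = [lock(state, d, nft_cost, mitigated) for d in deposits]
    return granted, state


if __name__ == "__main__":
    half = ETHER // 2
    for label, deposits, fixed in [
        ("0.5 + 0.5, as reported", [half, half], False),
        ("1.5 + 0.5, as reported", [3 * half, half], False),
        ("0.5 + 0.5, with carry-over", [half, half], True),
    ]:
        granted, state = run(deposits, mitigated=fixed)
        print(f"{label}: NFTs per lock {granted}, remainder {state.remainder}")
```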