Lines of code
https://github.com/code-423n4/2024-07-traitforge/blob/main/contracts/TraitForgeNft/TraitForgeNft.sol#L215
Vulnerability details
Impact
In the TraitForgeNft smart contract, the mintWithBudget() function is used to mint as many tokens as the msg.value provided with the call allows. The problem is that the only limit on the loop is that the token id must stay below the maximum number of tokens per generation. This can result in a DoS for the user: for a large buyer the number of loop iterations can be very large, so the gas cost of the loop may increase significantly.
Proof of Concept
https://github.com/code-423n4/2024-07-traitforge/blob/main/contracts/TraitForgeNft/TraitForgeNft.sol#L215-220
A user can mint as many tokens as they want, as long as the token id stays below the maximum tokens per generation. This may result in very high gas costs for executing the loop and in a potential DoS, since maxTokensPerGen equals 100000.
Tools Used
Manual review.
Recommended Mitigation Steps
Reduce the bounds for the while loop.
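As an added illustration (this is not the TraitForge contract's own code, and the loop at the linked lines is not reproduced here), the contract below models the pattern the finding describes next to a bounded variant of the same function. The names mintPrice, _tokenIds, maxMintsPerCall, _mintOne and the refund helper are assumptions made for this example; only maxTokensPerGen = 100000 is taken from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the TraitForge contract: a stripped-down minting
// contract whose only purpose is to show the loop bound discussed above.
// mintPrice, _tokenIds, maxMintsPerCall and the refund logic are assumptions
// for this example; only maxTokensPerGen = 100000 comes from the finding.
contract BudgetMintExample {
    uint256 public constant maxTokensPerGen = 100000;
    uint256 public constant maxMintsPerCall = 50;   // assumed per-call cap
    uint256 public immutable mintPrice;             // assumed flat price per token
    uint256 private _tokenIds;                      // id of the next token to mint
    mapping(uint256 => address) public ownerOf;

    constructor(uint256 mintPrice_) {
        require(mintPrice_ > 0, "price must be > 0");
        mintPrice = mintPrice_;
    }

    // Pattern from the finding: the loop runs until the budget is spent or the
    // generation is full. With maxTokensPerGen = 100000, a large msg.value can
    // drive the iteration count (and gas) past what fits in a block, so the
    // transaction reverts and the caller cannot mint at all.
    function mintWithBudgetUnbounded() external payable {
        uint256 budgetLeft = msg.value;
        while (budgetLeft >= mintPrice && _tokenIds < maxTokensPerGen) {
            _mintOne(msg.sender);
            budgetLeft -= mintPrice;
        }
        _refund(budgetLeft);
    }

    // Mitigated pattern: the caller states how many tokens this call may mint,
    // and the contract enforces its own upper limit, so the iteration count is
    // bounded regardless of msg.value. Unspent budget is returned.
    function mintWithBudget(uint256 maxMints) external payable {
        require(maxMints > 0 && maxMints <= maxMintsPerCall, "bad maxMints");
        uint256 budgetLeft = msg.value;
        uint256 minted = 0;
        while (
            minted < maxMints &&
            budgetLeft >= mintPrice &&
            _tokenIds < maxTokensPerGen
        ) {
            _mintOne(msg.sender);
            budgetLeft -= mintPrice;
            minted++;
        }
        _refund(budgetLeft);
    }

    // Minimal mint: assign the next id to the recipient.
    function _mintOne(address to) internal {
        uint256 id = _tokenIds++;
        ownerOf[id] = to;
    }

    // Return any leftover value after all state changes are done
    // (checks-effects-interactions order).
    function _refund(uint256 amount) internal {
        if (amount > 0) {
            (bool ok, ) = msg.sender.call{value: amount}("");
            require(ok, "refund failed");
        }
    }
}
```

The bounded version keeps the generation limit as a hard stop but adds a per-call cap, so the worst-case gas of one transaction is fixed at maxMintsPerCall iterations; a caller with a large budget makes several calls instead of one that cannot fit in a block.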
Assessed type
Other