code-423n4 / 2024-07-traitforge-findings


Comparing `_tokenIds` to `maxTokensPerGen` in `TraitForgeNft::mintWithBudget` denies user this service for future generations after the first generation. #721

Closed howlbot-integration[bot] closed 3 months ago

howlbot-integration[bot] commented 3 months ago

Lines of code

https://github.com/code-423n4/2024-07-traitforge/blob/279b2887e3d38bc219a05d332cbcb0655b2dc644/contracts/TraitForgeNft/TraitForgeNft.sol#L215 https://github.com/code-423n4/2024-07-traitforge/blob/279b2887e3d38bc219a05d332cbcb0655b2dc644/contracts/TraitForgeNft/TraitForgeNft.sol#L285

Vulnerability details

Summary

In TraitForgeNft::mintWithBudget when minting tokens on a budget, the contract ensures that _tokenIds is less than maxTokensPerGen which makes this function's functionality unavailable for all future generations after the first one since _tokenIds count will be greater than maxTokensPerGen.

Vulnerability Details

While minting on a budget in TraitForgeNft::mintWithBudget, before minting in the while loop, the contract ensures that _tokenIds is less than maxTokensPerGen.

```solidity
// ...code...

    while (budgetLeft >= mintPrice && _tokenIds < maxTokensPerGen) {

// ...code...

  function _mintInternal(address to, uint256 mintPrice) internal {
    if (generationMintCounts[currentGeneration] >= maxTokensPerGen) {
      _incrementGeneration();
    }

    _tokenIds++;   // @@>>>> global counter, not reset per generation

    // ...code...
```

Impact

Denial of service, as users will be denied the functionality to mint multiple entities with a given budget in TraitForgeNft::mintWithBudget for all future generations after the first one.

Tools Used

Manual Review

Recommended Mitigation Steps

Recommendation

Instead of ensuring that _tokenIds is less than maxTokensPerGen, ensure that the current generation's mint count (generationMintCounts) is less than maxTokensPerGen in TraitForgeNft::mintWithBudget.

```diff
-    while (budgetLeft >= mintPrice && _tokenIds < maxTokensPerGen){
+    while (budgetLeft >= mintPrice && generationMintCounts[currentGeneration] < maxTokensPerGen){
```

Assessed type

DoS
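
As an added illustration that is not part of this report or of the TraitForge code base, the Python model below reproduces the loop bookkeeping from the snippet above (its fields mirror `_tokenIds`, `generationMintCounts`, `currentGeneration` and `maxTokensPerGen`) and compares the deployed guard with the recommended one once generation 2 has started. Prices, forging and whitelist logic are assumed away, and `mint()` is assumed to be a single `_mintInternal` call.

```python
# Simplified model of the TraitForgeNft mint bookkeeping this finding depends on.
# Constructed for illustration: price curves, forging and whitelist logic are
# omitted, and a plain mint() is modelled as one _mint_internal() call.
from dataclasses import dataclass, field


@dataclass
class NftModel:
    max_tokens_per_gen: int
    mint_price: int
    token_ids: int = 0                       # _tokenIds (global, never resets)
    current_generation: int = 1              # currentGeneration
    gen_counts: dict = field(default_factory=dict)  # generationMintCounts

    def _mint_internal(self) -> None:
        # Mirrors _mintInternal: roll into the next generation once the
        # current one is full, then consume the next global token id.
        if self.gen_counts.get(self.current_generation, 0) >= self.max_tokens_per_gen:
            self.current_generation += 1
        self.token_ids += 1
        self.gen_counts[self.current_generation] = self.gen_counts.get(self.current_generation, 0) + 1

    def _loop_guard(self, per_generation: bool) -> bool:
        if per_generation:
            # Recommended: generationMintCounts[currentGeneration] < maxTokensPerGen
            return self.gen_counts.get(self.current_generation, 0) < self.max_tokens_per_gen
        # As deployed: _tokenIds < maxTokensPerGen
        return self.token_ids < self.max_tokens_per_gen

    def mint_with_budget(self, budget: int, per_generation: bool) -> int:
        """Run the mintWithBudget loop; return how many tokens the budget minted."""
        minted, budget_left = 0, budget
        while budget_left >= self.mint_price and self._loop_guard(per_generation):
            self._mint_internal()
            budget_left -= self.mint_price
            minted += 1
        return minted


def budget_mints_in_generation_two(per_generation: bool) -> int:
    """Fill generation 1 with single mints, start generation 2, then mint on budget."""
    nft = NftModel(max_tokens_per_gen=3, mint_price=1)
    for _ in range(4):  # three mints fill gen 1, the fourth rolls into gen 2
        nft._mint_internal()
    assert nft.current_generation == 2 and nft.token_ids == 4
    return nft.mint_with_budget(budget=2, per_generation=per_generation)


if __name__ == "__main__":
    print("deployed guard:", budget_mints_in_generation_two(False))    # 0
    print("recommended guard:", budget_mints_in_generation_two(True))  # 2
```

In generation 1 both guards behave identically, which is why the defect only shows up after the first generation has filled.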

c4-judge commented 2 months ago

koolexcrypto changed the severity to 3 (High Risk)

c4-judge commented 2 months ago

koolexcrypto marked the issue as satisfactory