Unlimited Minting exploit

[c4-bot-2]

Lines of code

https://github.com/code-423n4/2024-07-traitforge/blob/279b2887e3d38bc219a05d332cbcb0655b2dc644/contracts/TraitForgeNft/TraitForgeNft.sol#L202-L225

Vulnerability details

Impact

The mintWithBudget function allows whitelisted users to mint an unlimited number of NFTs, constrained only by their budget and the maxTokensPerGen limit. This lack of per-user minting limits during the whitelist period can lead to several significant issues:

1.Centralization Risk: A small number of wealthy users could acquire a large portion of the total supply, potentially centralizing ownership.

2.Unfair Distribution: Early whitelist participants could mint a disproportionate number of NFTs, leaving few or none for later participants.

3.Price Manipulation: Large mints could rapidly drive up the price, potentially pricing out other whitelisted users.

4.Bot Exploitation: Automated scripts could be used to mint large quantities quickly, disadvantaging regular users.

5.Community Backlash: Perceived unfairness could lead to negative sentiment among community members who were unable to mint their desired quantity.

Proof of Concept

The current implementation allows unlimited minting within a single transaction:

    uint256 mintPrice = calculateMintPrice();
    uint256 amountMinted = 0;
    uint256 budgetLeft = msg.value;

    while (budgetLeft >= mintPrice && _tokenIds < maxTokensPerGen) {
      _mintInternal(msg.sender, mintPrice);
      amountMinted++;
      budgetLeft -= mintPrice;
      mintPrice = calculateMintPrice();
    }
    // ...
}

Scenario demonstrating the issue:

• Whitelist opens with 10,000 NFTs available (maxTokensPerGen).
• User A, with a large budget, submits a transaction to mint 5,000 NFTs.
• User B, also whitelisted, attempts to mint soon after but finds the price has significantly increased and fewer NFTs are available.
• The whitelist period ends with a small number of users holding a majority of the NFTs, while many whitelisted users were unable to participate.

Tools Used

manual view

Recommended Mitigation Steps

Implement a per-user minting limit for the whitelist period

Assessed type

Context

[irving4444]

@koolexcrypto hi thanks for quick judging

I want to point out here is that unlimited minting will discourage direct minting

• Whitelist members have unlimited minting privileges

• Mint price increases with the number of NFTs minted

• Whitelist members could mint many NFTs and sell below mint price, discouraging direct minting

The mint price starts at 0.005 ETH and increases linearly to 0.25 ETH .Later minters face significantly higher prices than early minters .In our simulation, we assumed early minters might sell on the secondary market with a 20% profit margin.This creates a scenario where secondary market prices are lower than mint prices for later NFTs.The mint price exceeds the simulated secondary market price at NFT #4082.At this point, the mint price is 0.104805 ETH, while the secondary market price is 0.104800 ETH.For NFTs after the crossover point (4082), it's cheaper to buy from the secondary market than to mint directly.This could significantly discourage direct minting for nearly 60% of the collection.For the last 5000 NFTs, approximately 96.38% are cheaper on the secondary market in this scenario.This means that for a vast majority of later NFTs, buyers have a financial incentive to purchase from the secondary market rather than minting directly.

[koolexcrypto]

This is a part of the design, it is a race game.