Closed sherlock-admin closed 2 years ago
cccz
medium
Excess ETH not refunded
In NFTCollection contracts, the amount of ETH required to mint NFTs may change, and users who mint NFTs in the same block using a higher price will not receive the refund when the price decreases.
The user will not receive the excess ETH
https://github.com/sherlock-audit/2022-10-nftport/blob/main/evm-minting-master/contracts/templates/NFTCollection.sol#L514-L517 https://github.com/sherlock-audit/2022-10-nftport/blob/main/evm-minting-master/contracts/templates/NFTCollection.sol#L289-L295
Manual Review
Consider refunding excess ETH
Fixed in https://github.com/nftport/evm-minting-sherlock-fixes/pull/12
hyperspacebunny
commented
1 year ago
cccz
medium
Excess ETH not refunded
Summary
Excess ETH not refunded
Vulnerability Detail
In NFTCollection contracts, the amount of ETH required to mint NFTs may change, and users who mint NFTs in the same block using a higher price will not receive the refund when the price decreases.
Impact
The user will not receive the excess ETH
Code Snippet
https://github.com/sherlock-audit/2022-10-nftport/blob/main/evm-minting-master/contracts/templates/NFTCollection.sol#L514-L517 https://github.com/sherlock-audit/2022-10-nftport/blob/main/evm-minting-master/contracts/templates/NFTCollection.sol#L289-L295
Tool used
Manual Review
Recommendation
Consider refunding excess ETH