function mintNewBasket(uint256 _vaultNumber) external returns (uint256) {
// mint Basket with nrOfUnAllocatedTokens equal to _lockedTokenAmount
baskets[latestBasketId].vaultNumber = _vaultNumber;
baskets[latestBasketId].lastRebalancingPeriod = vaults[_vaultNumber].rebalancingPeriod + 1;
_safeMint(msg.sender, latestBasketId);
latestBasketId++;
emit BasketId(msg.sender, latestBasketId - 1);
return latestBasketId - 1;
}
Tool used
Manual Review
Recommendation
consider modifying the logic of the mintNewBasket function to a way that users couldn't mint more than an amount in a period of time consistently (basically a timing limit for like 1 mint a day sth)
Avci
high
there is no maximum amount for minting new basket and it can lead to DOS!
Summary
there is no maximum amount for minting a new basket and it can lead to DOS!
Vulnerability Detail
in contract Game.sol:L255
mintNewBasket
function there are no limits for the maximum amount or maximum amount minting consistentlyImpact
a bad actor can cause dos and mint forever with the bot.
Code Snippet
https://github.com/sherlock-audit/2023-01-derby/blob/main/derby-yield-optimiser/contracts/Game.sol#L255
Tool used
Manual Review
Recommendation