Handle
cmichel
Vulnerability details
The price of an NFT falls over time, which creates a dynamic where potential buyers want to wait for the price to drop but also not wait too long, to avoid hitting the max sale cap.
However, on public blockchains any such mint call can be observed, and attackers can simply wait until another person decides to buy at the current price and then frontrun that person.
Impact
Legitimate minters can be frontrun and end up with a failed transaction and without the NFT, as the max sale limit is reached:
require(numSales < SALE_LIMIT, "Sale limit reached.");
Recommended Mitigation Steps
Front-running is hard to prevent; maybe an auction-style minting process could work where the top SALE_LIMIT bids are accepted after the sale duration.
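The ordering dependence described in the report, as an added Python model that is not part of the original issue or the project's contract code: it compares the first-come mint guarded by the require check with the suggested auction-style settlement. The sender names, bid amounts, the SALE_LIMIT value of 2 and all function names are constructed assumptions.

```python
from dataclasses import dataclass
from itertools import permutations

SALE_LIMIT = 2  # constructed small cap; the real contract defines its own


@dataclass(frozen=True)
class Tx:
    sender: str
    bid: int  # amount offered, in constructed units


def first_come_mint(ordered_txs, price):
    """Current design: txs run in block order, as in
    require(numSales < SALE_LIMIT, "Sale limit reached.")."""
    minted, reverted, num_sales = [], [], 0
    for tx in ordered_txs:
        if tx.bid >= price and num_sales < SALE_LIMIT:
            num_sales += 1
            minted.append(tx.sender)
        else:
            reverted.append(tx.sender)  # failed transaction, no NFT
    return minted, reverted


def auction_settle(bids):
    """Mitigation sketch: collect bids for the whole sale duration,
    then accept the top SALE_LIMIT bids. Ties fall back to sender name
    (an assumption; the report does not define tie-breaking)."""
    ranked = sorted(bids, key=lambda tx: (-tx.bid, tx.sender))
    return [tx.sender for tx in ranked[:SALE_LIMIT]]


def order_independent(bids):
    """True if every arrival order yields the same set of winners."""
    return len({tuple(auction_settle(p)) for p in permutations(bids)}) == 1


if __name__ == "__main__":
    alice, bob, mallory = Tx("alice", 10), Tx("bob", 10), Tx("mallory", 10)
    # Same three transactions, two block orderings: the outcome flips.
    print(first_come_mint([alice, bob, mallory], price=10))
    print(first_come_mint([alice, mallory, bob], price=10))
    # Auction: placement in the block is irrelevant, only the bid counts.
    bids = [Tx("alice", 15), Tx("bob", 12), Tx("mallory", 10)]
    print(auction_settle(bids), order_independent(bids))
```

The model covers transaction ordering only; it does not model whether bids are visible to other participants before the sale ends.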