This repository has been archived by the owner on May 5, 2024. It is now read-only.

unix515 - Invalid condition - mint will not work although native token is sufficient. #1

Closed
sherlock-admin2 opened this issue Nov 4, 2023 · 1 comment
Labels: Excluded (Excluded by the judge without consulting the protocol or the senior), Non-Reward (This issue will not receive a payout)

Comments

Contributor

sherlock-admin2 commented Nov 4, 2023

unix515

medium

Invalid condition - mint will not work although native token is sufficient.

Summary

Invalid condition - mint will not work although native token is sufficient.

Vulnerability Detail

If msg.value is not strictly equal to "quantity * PRICE", "premint" and "mint" will not work even though the native token is sufficiently provided.

Impact

"premint" and "mint" will not work although msg.value is sufficiently provided.

Code Snippet

https://github.com/sherlock-audit/2023-10-looksrare/blob/main/contracts-infiltration/contracts/Infiltration.sol#L450
https://github.com/sherlock-audit/2023-10-looksrare/blob/main/contracts-infiltration/contracts/Infiltration.sol#L482

Tool used

Manual Review

Recommendation

Please correct the condition.

function premint(address to, uint256 quantity) external payable onlyOwner {
--	if (quantity * PRICE != msg.value) {
++	if (quantity * PRICE > msg.value) {
		revert InsufficientNativeTokensSupplied();
	}
	...
}
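Review bot: In premint, relaxing the check to `quantity * PRICE > msg.value` accepts any msg.value above quantity * PRICE, and the visible lines add nothing that returns the difference, so the surplus would stay in the contract. Either keep the strict `!=` comparison so a wrong amount reverts, or pair the `>` check with an explicit refund of msg.value - quantity * PRICE and document which behaviour is intended.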
function mint(uint256 quantity) external payable nonReentrant {
	...
	uint256 amountMinted = amountMintedPerAddress[msg.sender] + quantity;
	if (amountMinted > MAX_MINT_PER_ADDRESS) {
		revert TooManyMinted();
	}

--	if (quantity * PRICE != msg.value) {
++	if (quantity * PRICE > msg.value) {
		revert InsufficientNativeTokensSupplied();
	}

	if (totalSupply() + quantity > MAX_SUPPLY) {
		revert ExceededTotalSupply();
	}

	...
}
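Review bot: In mint, which unlike premint carries no onlyOwner modifier, the `>` check drops the only guard against overpayment shown in this function, and no refund is added alongside it. If overpayment is meant to be accepted, return the excess after the TooManyMinted and ExceededTotalSupply checks and after state is updated; otherwise keep `!=` and add a comment (or rename InsufficientNativeTokensSupplied) so callers know the revert also fires when too much is sent.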
github-actions bot closed this as completed Nov 6, 2023
github-actions bot added the Excluded label (Excluded by the judge without consulting the protocol or the senior) Nov 6, 2023
@nevillehuang
Collaborator

No issue here, design choice that has the benefit of preventing users from paying excessive amounts and to avoid an explicit refund mechanism.

rcstanciu added the Has Duplicates label (A valid issue with 1+ other issues describing the same vulnerability) Nov 8, 2023
sherlock-admin changed the title from "Nutty Berry Nuthatch - Invalid condition - mint will not work although native token is sufficient." to "unix515 - Invalid condition - mint will not work although native token is sufficient." Nov 9, 2023
sherlock-admin added the Non-Reward label (This issue will not receive a payout) and removed the Has Duplicates label (A valid issue with 1+ other issues describing the same vulnerability) Nov 9, 2023