ArsenLupin - The attacker could mint all the tokenId's, but paying the fee only for the 1 tokenId #330
Labels
Duplicate: A valid issue that is a duplicate of an issue with `Has Duplicates` label
Escalation Resolved: This issue's escalations have been approved/rejected
High: A valid High severity issue
Reward: A payout will be made for this issue
Sponsor Confirmed: The sponsor acknowledged this issue is valid
Won't Fix: The sponsor confirmed this issue will not be fixed
ArsenLupin
high
The attacker could mint all the tokenId's, but paying the fee only for the 1 tokenId
Summary
The mintBatch function mints a token to a set of receivers for the given work. However, the function works incorrectly: the fee is paid for only 1 tokenId, while the issue function mints the tokenId in a loop to each of the different addresses.
Vulnerability Detail
2.1 - One tokenId is minted for each receiver in the loop until the maxSupply is reached
Impact
An attacker could mint all the tokenIds to himself (accounts that belong to the attacker) and prevent other users from minting this tokenId.
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/editions/Edition.sol#L304-L320
Tool used
Manual Review / Foundry
Recommendation
Ensure that the correct amount of fees is paid, based on the overall number of tokenIds minted.
Duplicate of #264
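The fee accounting described in the recommendation, as an added example that is not the Titles Edition contract: a simplified model with the undercharging batch mint beside a version that scales the fee by the number of receivers. The contract name, the flat `MINT_FEE`, and both function names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Simplified model constructed for illustration; not the audited code.
contract BatchMintFeeModel {
    uint256 public constant MINT_FEE = 0.001 ether; // assumed flat fee per minted token
    uint256 public immutable maxSupply;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    error WrongFee(uint256 expected, uint256 sent);
    error MaxSupplyReached();

    constructor(uint256 maxSupply_) {
        maxSupply = maxSupply_;
    }

    /// Pattern from the report: the fee for one token is collected once,
    /// then a token is issued to every receiver in the loop.
    function mintBatchUndercharged(address[] calldata receivers) external payable {
        _collectFee(1);
        for (uint256 i = 0; i < receivers.length; i++) {
            _issue(receivers[i]);
        }
    }

    /// Corrected accounting: the fee covers every token the loop will issue.
    function mintBatchCharged(address[] calldata receivers) external payable {
        _collectFee(receivers.length);
        for (uint256 i = 0; i < receivers.length; i++) {
            _issue(receivers[i]);
        }
    }

    /// Requires exact payment for `units` tokens.
    function _collectFee(uint256 units) internal view {
        uint256 expected = units * MINT_FEE;
        if (msg.value != expected) revert WrongFee(expected, msg.value);
    }

    /// Issues one token and enforces the supply cap.
    function _issue(address to) internal {
        if (totalSupply + 1 > maxSupply) revert MaxSupplyReached();
        totalSupply += 1;
        balanceOf[to] += 1;
    }
}
```

With `mintBatchCharged`, filling the whole supply costs `maxSupply * MINT_FEE`, so exhausting it is no cheaper than minting each token individually.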