-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The mintAndAuction function will not work for fixed price sale collection due to division by zero #1278
Comments
141345 marked the issue as primary issue |
a2rocket (sponsor) disputed |
mintAndAuction requires a time period to be set, you can set it in any sale model as it just uses the time period and not any other variable. |
141345 marked the issue as sufficient quality report |
141345 marked the issue as duplicate of #962 |
141345 marked the issue as not a duplicate |
141345 marked the issue as primary issue |
alex-ppg marked the issue as duplicate of #1980 |
alex-ppg marked the issue as unsatisfactory: |
Lines of code
https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/MinterContract.sol#L292
Vulnerability details
Impact
Auction functionality is dosed for NFTs that are minted with Fixed Price Sale model.
Proof of Concept
The rate for Fixed Price Sale model must be set to 0 as per docs:
However,
MinterContract.mintAndAuction()
function does not check what model is being used for what token and just calculates the time of last mint for every model:And in calculations we have the following line:
The division by zero would DoS auction functionality for tokens with a Fixed Price Sale model.
Tools Used
Manual review
Recommended Mitigation Steps
Check if the
collectionPhases[_collectionID].timePeriod == 0
. If it does, just end the function.Assessed type
DoS
The text was updated successfully, but these errors were encountered: