Platform: Code4rena
Start Date: 30/10/2023
Pot Size: $49,250 USDC
Total HM: 14
Participants: 243
Period: 14 days
Judge: 0xsomeone
Id: 302
League: ETH
Rank: 196/243
Findings: 2
Award: $0.04
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: btk
Also found by: 00xSEV, 0x175, 0x180db, 0x3b, 0xAlix2, 0xJuda, 0xpiken, 0xraion, 3th, 836541, Al-Qa-qa, AvantGard, Aymen0909, Beosin, ChrisTina, DarkTower, DeFiHackLabs, EricWWFCP, Kose, Kow, KupiaSec, MrPotatoMagic, Neo_Granicen, PENGUN, PetarTolev, Ruhum, Soul22, SovaSlava, SpicyMeatball, Talfao, The_Kakers, Toshii, Tricko, VAD37, Viktor_Cortess, ZdravkoHr, _eperezok, alexxander, audityourcontracts, ayden, bird-flu, bronze_pickaxe, codynhat, critical-or-high, danielles0xG, degensec, droptpackets, evmboi32, fibonacci, flacko, gumgumzum, ilchovski, immeas, innertia, jacopod, joesan, ke1caM, kk_krish, mojito_auditor, nuthan2x, phoenixV110, pontifex, r0ck3tz, sces60107, seeques, sl1, smiling_heretic, stackachu, t0x1c, trachev, turvy_fuzz, ubl4nk, ustas, xAriextz, xuwinnie, y4y
0.038 USDC - $0.04
The record of tokens minted by the minting address is out of date during the external call made via safemint(). A user can therefore continuously re-enter the mint function by calling NextGenMinterContract.mint() from the user's onERC721Received(). This is possible in both the allowlist phase and the public phase of minting. It could lead to an address having a monopoly over a large number of the collection's NFTs. If this happens in the allowlist phase, it could leave some whitelisted users unable to mint the token.
Manual Analysis
Follow the CEI (checks-effects-interactions) pattern: update the tokens minted by an address, in both the allowlist and public phases, before the call to mintprocessing is made.
Reentrancy
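The ordering problem and the CEI fix described above, as an added Solidity example that is not the NextGen code and not part of the original submission. `CappedMintExample`, `IReceiver`, `MAX_PER_ADDRESS`, `mintedBy` and both mint functions are hypothetical names, and the cap of 1 is a constructed value.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical receiver interface mirroring the ERC-721 receiver hook.
interface IReceiver {
    function onERC721Received(address operator, address from, uint256 tokenId, bytes calldata data)
        external returns (bytes4);
}

// Added illustration only; names and the cap are assumptions, not the audited contracts.
contract CappedMintExample {
    uint256 public constant MAX_PER_ADDRESS = 1; // constructed per-address cap
    uint256 public nextTokenId;
    mapping(uint256 => address) public ownerOf;
    mapping(address => uint256) public mintedBy;

    // Before: the per-address counter is written after the receiver callback,
    // so a nested call made from onERC721Received still reads the old count
    // and passes the cap check again.
    function mintCounterAfterCallback() external {
        require(mintedBy[msg.sender] < MAX_PER_ADDRESS, "cap reached"); // check
        _safeMint(msg.sender);                                          // interaction
        mintedBy[msg.sender] += 1;                                      // effect, too late
    }

    // After (CEI): check, record the effect, then make the external call.
    // A nested call from the callback now fails the cap check and reverts.
    function mintCEI() external {
        require(mintedBy[msg.sender] < MAX_PER_ADDRESS, "cap reached"); // check
        mintedBy[msg.sender] += 1;                                      // effect
        _safeMint(msg.sender);                                          // interaction
    }

    // Minimal safe-mint: assigns the token, then calls the receiver hook
    // when the recipient is a contract. This hook is the re-entry point.
    function _safeMint(address to) internal {
        uint256 tokenId = nextTokenId++;
        ownerOf[tokenId] = to;
        if (to.code.length > 0) {
            bytes4 ret = IReceiver(to).onERC721Received(msg.sender, address(0), tokenId, "");
            require(ret == IReceiver.onERC721Received.selector, "unsafe receiver");
        }
    }
}
```

A reentrancy guard on the mint entry point is a complementary control, but moving the counter update ahead of the callback is the change the mitigation above asks for.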
#0 - c4-pre-sort
2023-11-19T05:09:16Z
141345 marked the issue as duplicate of #51
#1 - c4-pre-sort
2023-11-26T14:02:53Z
141345 marked the issue as duplicate of #1742
#2 - c4-judge
2023-12-08T16:31:38Z
alex-ppg marked the issue as partial-25
#3 - c4-judge
2023-12-08T16:33:14Z
alex-ppg marked the issue as satisfactory
#4 - c4-judge
2023-12-08T16:45:18Z
alex-ppg marked the issue as partial-25
🌟 Selected for report: smiling_heretic
Also found by: 00decree, 00xSEV, 0x180db, 0x3b, 0x656c68616a, 0xAadi, 0xAleko, 0xAsen, 0xDetermination, 0xJuda, 0xMAKEOUTHILL, 0xMango, 0xMosh, 0xSwahili, 0x_6a70, 0xarno, 0xgrbr, 0xpiken, 0xsagetony, 3th, 8olidity, ABA, AerialRaider, Al-Qa-qa, Arabadzhiev, AvantGard, CaeraDenoir, ChrisTina, DanielArmstrong, DarkTower, DeFiHackLabs, Deft_TT, Delvir0, Draiakoo, Eigenvectors, Fulum, Greed, HChang26, Haipls, Hama, Inference, Jiamin, JohnnyTime, Jorgect, Juntao, Kaysoft, Kose, Kow, Krace, MaNcHaSsS, Madalad, MrPotatoMagic, Neon2835, NoamYakov, Norah, Oxsadeeq, PENGUN, REKCAH, Ruhum, Shubham, Silvermist, Soul22, SovaSlava, SpicyMeatball, Talfao, TermoHash, The_Kakers, Toshii, TuringConsulting, Udsen, VAD37, Vagner, Zac, Zach_166, ZdravkoHr, _eperezok, ak1, aldarion, alexfilippov314, alexxander, amaechieth, aslanbek, ast3ros, audityourcontracts, ayden, bdmcbri, bird-flu, blutorque, bronze_pickaxe, btk, c0pp3rscr3w3r, c3phas, cartlex_, cccz, ciphermarco, circlelooper, crunch, cryptothemex, cu5t0mpeo, darksnow, degensec, dethera, devival, dimulski, droptpackets, epistkr, evmboi32, fibonacci, gumgumzum, immeas, innertia, inzinko, jasonxiale, joesan, ke1caM, kimchi, lanrebayode77, lsaudit, mahyar, max10afternoon, merlin, mrudenko, nuthan2x, oakcobalt, openwide, orion, phoenixV110, pontifex, r0ck3tz, rotcivegaf, rvierdiiev, seeques, shenwilly, sl1, slvDev, t0x1c, tallo, tnquanghuy0512, tpiliposian, trachev, twcctop, vangrim, volodya, xAriextz, xeros, xuwinnie, y4y, yobiz, zhaojie
0 USDC - $0.00
The require statement in the auctionDemo contract's participateToAuction opens the entire auction process to cheating via frontrunning attacks.
An NFT from a collection with a value of $8000 has just been minted.
CASE A: The malicious user immediately places a bid just large enough to make him the highest bidder (maybe $1000). He then begins to monitor the mempool for calls to participateToAuction, frontrunning any new bid (by sending in a transaction with a msg.value greater than the new bid in the mempool, hence causing that bid to fail) and maintaining only the two highest bid positions: his first $1000 bid and his current highest bid. Then, just at the end of the auction, he cancels his highest bid, leaving his first $1000 bid as the highest bid, and is hence able to win the NFT for a significantly undervalued price.
CASE B: At the start of the auction the malicious user opens a bid position of $1000 and then immediately places another bid of $200,000, giving him the top two highest bids in the contract. The current highest bid of $200,000 acts as protection against other bids, since no one sane would attempt to buy an NFT from a collection with an average NFT value of $8000 for $200,000. Then, at the end of the auction, the bidder cancels his $200,000 bid, leaving his $1000 bid as the highest bid.
CASE C: Similar to cases A and B, but the bidder uses another address for his protection bid.
Manual analysis
Other
#0 - c4-pre-sort
2023-11-19T05:08:37Z
141345 marked the issue as duplicate of #962
#1 - c4-judge
2023-12-02T15:12:17Z
alex-ppg marked the issue as not a duplicate
#2 - c4-judge
2023-12-02T15:14:39Z
alex-ppg marked the issue as duplicate of #1784
#3 - c4-judge
2023-12-07T11:50:55Z
alex-ppg marked the issue as duplicate of #1323
#4 - c4-judge
2023-12-08T17:17:13Z
alex-ppg marked the issue as partial-25
#5 - c4-judge
2023-12-08T17:27:52Z
alex-ppg marked the issue as satisfactory
#6 - c4-judge
2023-12-08T17:57:13Z
alex-ppg marked the issue as partial-25