Back to s1m0's contests

LarvaLabs Meebits Contest - s1m0's results

20,000 unique 3D characters with a no fee trading marketplace, from the guys who made Cryptopunks

General Information

Platform: Code4rena

Start Date: 29/04/2021

Pot Size: $50,000 USDC

Total HM: 9

Participants: 10

Period: 2 days

Judge: Joseph Delong

Total Solo HM: 9

Id: 6

League: ETH

LarvaLabs Meebits

Findings Distribution

Researcher Performance

Rank: 4/10

Findings: 2

Award: $6,684.49

🌟 Selected for report: 3

🚀 Solo Findings: 1

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryLarvaLabs Meebits

Findings Information

🌟 Selected for report: s1m0

Labels

bug
2 (Med Risk)

Awards

6684.492 USDC - $6,684.49

External Links

Link to GitHub issue

Handle

s1m0

Vulnerability details

Impact

The getPrice() (https://github.com/code-423n4/2021-04-redacted/blob/main/Beebots.sol#L334) return 0 after the sale ended and SALE_LIMIT - numSales nft can be minted for free.

Proof of Concept

Tools Used

Manual analysis

Without documentation i'm not sure if it's the expected behaviour or not. If it's not you could revert instead of returning 0. If it's expected behaviour it's possible to create a smartContract and claim all the remaining nft frontrunning the normal users.

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter