Platform: Code4rena
Start Date: 20/09/2022
Pot Size: $100,000 USDC
Total HM: 4
Participants: 109
Period: 7 days
Judge: GalloDaSballo
Id: 163
League: ETH
Rank: 91/109
Findings: 1
Award: $55.20
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x4non, 0x52, 0x5rings, 0xNazgul, 0xRobocop, 0xSmartContract, 0xdeadbeef, 0xsanson, 8olidity, Amithuddar, Aymen0909, B2, B353N, CertoraInc, Ch_301, Chom, CodingNameKiki, Deivitto, ElKu, Funen, JC, JohnnyTime, Kresh, Lambda, Noah3o6, RaymondFam, ReyAdmirado, RockingMiles, Rolezn, Sm4rty, SuldaanBeegsi, Tadashi, TomJ, Tomio, V_B, Waze, __141345__, a12jmx, ak1, arcoun, asutorufos, aviggiano, berndartmueller, bharg4v, bin2chen, brgltd, bulej93, c3phas, catchup, cccz, ch0bu, cryptonue, cryptphi, csanuragjain, delfin454000, devtooligan, djxploit, durianSausage, eighty, erictee, exd0tpy, fatherOfBlocks, giovannidisiena, hansfriese, ignacio, joestakey, ladboy233, lukris02, m9800, malinariy, martin, minhtrng, obront, oyc_109, pedr02b2, pedroais, pfapostol, philogy, prasantgupta52, rbserver, ronnyx2017, rotcivegaf, rvierdiiev, sach1r0, shung, simon135, throttle, tnevler, tonisives, wagmi, yixxas, zkhorse, zzykxx, zzzitron
55.1985 USDC - $55.20
Legendary gobbler cannot be minted when the cost of minting is too high. In mintLegendaryGobbler() function, loop is run through all the gobblers used for the sacrifice. This is an expensive gas operation when cost is too high. In this case, it will exceed the block gas limit of 30 million gas when a user is attempting to mint the last legendary gobbler.
function mintLegendaryGobbler(uint256[] calldata gobblerIds) external returns (uint256 gobblerId) { ... uint256 id; // Storing outside the loop saves ~7 gas per iteration. for (uint256 i = 0; i < cost; ++i) { id = gobblerIds[i]; if (id >= FIRST_LEGENDARY_GOBBLER_ID) revert CannotBurnLegendary(id); require(getGobblerData[id].owner == msg.sender, "WRONG_FROM"); burnedMultipleTotal += getGobblerData[id].emissionMultiple; emit Transfer(msg.sender, getGobblerData[id].owner = address(0), id); } ... }
LEGENDARY_SUPPLY = 10
LEGENDARY_GOBBLER_INITIAL_START_PRICE = 69 gobblers
The cost doubles for each subsequent ones so we have, in the final iteration,
cost = 69 * 2**10 = 70656 so gobblerIds[].length = 70656 and foundry gas estimation to call mintLegendaryGobblers(gobblerIds[]) is at the cost of 35 million gas > 30 million gas.
Minters will have to wait till the cost drops below some amount such that the block gas limit is not exceeded.
Foundry
I see no simple fix for this without compromising on the cost increase of legendary gobblers or the starting cost since every gobblers sacrificed need to be looped through to check their validity and emissions.
#0 - Shungy
2022-09-27T19:27:15Z
There is more nuance to that.
First of all the final interval would be 69 * 2**9. But that is impossible, as it requires the previous interval to had 69 * 2**8. These all exceed maximum supply hence will never be reached. You have to also take into burned gobblers into consideration by removing from the maximum supply. Based on those I have calculated the maximum theoretical cost to be around ~4k. It might still get away without reaching gas limit, but it is very close, hence risky. It will probably get even more expenisve (hence riskier) after the "free legendary mint" bug is fixed.
This finding is similar to mine: https://github.com/code-423n4/2022-09-artgobblers-findings/issues/326 But it misses the nuance, and the actual problem. DOS is temporary as cost will decrease with dutch auction. The real issue is that it will shorten the auction interval. And that issue is definitely not high risk. So I will thumbs down this even though it seems similar to my submission on first glance.
#1 - GalloDaSballo
2022-10-09T22:14:45Z
I think the finding is a dup of #326 per the text above
L