Omniscia Redacted Cartel Audit
Mariposa Manual Review Findings
Mariposa Manual Review Findings
MAR-01M: Improper Mint Allowance Race Condition
| Type | Severity | Location |
|---|---|---|
| Language Specific |  | Mariposa.sol:L125 |
Description:
The linked conditional evaluated for decreasing the allowance of a particular minted is harmful as it leads to a race condition whereby a malicious minter will detect the owner's action of decreasing their allowance and will consume an allowance equal to mintAllowances[minted] - amount + 1 causing the decrease operation to fail fatally.
Impact:
It is currently possible for a malicious minter to sabotage any allowance decrease operation by carefully consuming their allowance with a higher gas fee.
Example:
114/** 115 @notice Decrease allowance116 @param minter address Address with minting rights117 @param amount uint256 Amount to decrease118 */119function decreaseAllowance(address minter, uint256 amount)120 external121 onlyOwner122{123 if (!isMinter[minter]) revert NotMinter();124 if (amount == 0) revert ZeroAmount();125 if (mintAllowances[minter] < amount) revert UnderflowAllowance();126
127 totalAllowances -= amount;128 mintAllowances[minter] -= amount;129
130 emit DecreasedAllowance(minter, amount);131}Recommendation:
We advise the condition to be gracefully handled by assigning mintAllowances[minter] to amount if amount exceeds it, preventing the race condition from manifesting.
Alleviation:
The Redacted Cartel considered this exhibit and opted to not apply a remediation for it as the minter accounts will solely be managed by the team. We would like to note that the recommended alleviation mitigates a portion of errors that may surface during decreaseAllowance operations, such as an automatic smart contract that is meant to be taken off operation but is utilized by public users. As such, we advise the graceful handling of allowance decrease to be introduced into the codebase but consider this exhibit acknowledged as the team expressed desire to perform no action.