Skip to content

Lack of selectedTraits validation in mintReserveAuction#

Low Risk

In Minting.sol there is mintReserveAuction function used to mint a canvas that was on reserve auction. It receives an uint array selectedTraits and saves it to storage for the canvas that is being minted. But the traits validity is never checked like it is in defaultMint. There can be more traits than are defined for the selected canvas. Also, the traits values can be out of range.

Recommendation#

In mintReserveAuction check that selected traits match the traits definition for selected canvas, like you do in defaultMint with handleTraits function.