Submission Details
Severity: high
Valid

`totalSupply` is not updated when `mintHorse` is called, so after the first NFT is minted other users cannot mint NFTs

Summary

  • Total supply is not updated when the mintHorse function is called. As a result, after the first NFT is minted, other users are unable to mint NFTs, because totalSupply still returns 0.

Vulnerability Details

  • In the HorseStoreHuff.sol contract, totalSupply is not updated, as the test below shows:

```solidity
function testTotalSupplyIsUpdating() public {
    // Supply before any mint
    uint256 initialvalueOfTokenId = horseStore.totalSupply();

    vm.prank(user1);
    horseStore.mintHorse();

    uint256 tokenIdOfUser1 = horseStore.tokenOfOwnerByIndex(user1, 0);
    assertEq(tokenIdOfUser1, 0); // passing
    assertEq(initialvalueOfTokenId, 0); // passing

    console.log("totalSupply After user1 minted the NFT must be equal to 1 = ", horseStore.totalSupply());
    assertEq(horseStore.totalSupply(), 1); // failing
    // totalSupply is not updated after user1 minted the NFT, so other users are unable to mint an NFT
}
```
```
[⠊] Compiling...
[⠒] Compiling 1 files with 0.8.20
[⠢] Solc 0.8.20 finished in 3.04s
Compiler run successful!
Running 1 test for test/HorseStoreHuff.t.sol:HorseStoreHuff
[FAIL. Reason: assertion failed] testTotalSupplyIsUpdating() (gas: 79713)
Logs:
totalSupply After user1 minted the NFT must be equal to 1 = 0
Error: a == b not satisfied [uint]
Left: 0
Right: 1
Test result: FAILED. 0 passed; 1 failed; 0 skipped; finished in 2.17s
Ran 1 test suites: 0 tests passed, 1 failed, 0 skipped (1 total tests)
Failing tests:
Encountered 1 failing test in test/HorseStoreHuff.t.sol:HorseStoreHuff
[FAIL. Reason: assertion failed] testTotalSupplyIsUpdating() (gas: 79713)
Encountered a total of 1 failing tests, 0 tests succeeded
```
  • The following test shows that after the first NFT is minted, other users are unable to mint NFTs, because totalSupply still returns 0:

```solidity
function testMultiplyUserCanNotMintNFT() public {
    // user1 mints first and receives tokenId 0
    vm.prank(user1);
    horseStore.mintHorse();

    // The second mint is expected to revert
    vm.expectRevert("ALREADY_MINTED");
    vm.prank(user2);
    horseStore.mintHorse();
    // user2's NFT is not minted: totalSupply is not updated, so it returns 0 as the tokenId for user2,
    // but tokenId 0 has already been minted by user1
}
```
```
[⠒] Compiling...
No files changed, compilation skipped
Running 1 test for test/HorseStoreHuff.t.sol:HorseStoreHuff
[PASS] testMultiplyUserCanNotMintNFT() (gas: 62882)
Test result: ok. 1 passed; 0 failed; 0 skipped; finished in 2.17s
Ran 1 test suites: 1 tests passed, 0 failed, 0 skipped (1 total tests)
```
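
The failure mode shown by the two tests, reduced to a stand-alone model. This is an added example, not the contest's HorseStore code. `MintModel`, its `increments_` flag and the test names are constructed for illustration, and the model assumes the next token id is read from `totalSupply`. It needs a Foundry project with forge-std installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.20;

import {Test} from "forge-std/Test.sol";

// Constructed model (assumption): the next token id is read from totalSupply.
contract MintModel {
    uint256 public totalSupply;
    mapping(uint256 => address) public ownerOf;
    bool immutable incrementsSupply; // false reproduces the reported behaviour

    constructor(bool increments_) {
        incrementsSupply = increments_;
    }

    function mintHorse() external {
        uint256 id = totalSupply;
        require(ownerOf[id] == address(0), "ALREADY_MINTED");
        ownerOf[id] = msg.sender;
        if (incrementsSupply) totalSupply = id + 1; // the write the finding says is missing
    }
}

contract MintModelTest is Test {
    address user1 = makeAddr("user1");
    address user2 = makeAddr("user2");

    function testWithoutIncrementSecondMintReverts() public {
        MintModel store = new MintModel(false);
        vm.prank(user1);
        store.mintHorse();
        assertEq(store.totalSupply(), 0); // counter never moved
        vm.expectRevert("ALREADY_MINTED");
        vm.prank(user2);
        store.mintHorse(); // asks for id 0 again
    }

    function testWithIncrementIdsAreSequential() public {
        MintModel store = new MintModel(true);
        vm.prank(user1);
        store.mintHorse();
        vm.prank(user2);
        store.mintHorse();
        assertEq(store.totalSupply(), 2);
        assertEq(store.ownerOf(0), user1);
        assertEq(store.ownerOf(1), user2);
    }
}
```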

Impact

  • After the first NFT is minted, other users are unable to mint NFTs.

Tools Used

  • Manual Review

Recommendations

  • Use ERC721.sol from huffmate.

/* Imports */
#include "../lib/huffmate/src/data-structures/Hashmap.huff"
#include "../lib/huffmate/src/utils/CommonErrors.huff"
+ #include "../lib/huffmate/src/token/ERC721.huff"
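Review bot: the single added line, the `#include` of `../lib/huffmate/src/token/ERC721.huff`, only makes that file's definitions available; nothing in this hunk changes the `mintHorse` path, so on its own it does not make `totalSupply()` advance. The patch should also show the mint change that writes the incremented supply, with `testTotalSupplyIsUpdating` kept as the regression test for it.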
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Failure to increment total supply on mint
