Submission Details
Severity: high
Valid

Can't mint more than one token in Huff Contract version

Summary

The Huff version of the contract can't mint more than one token.

Vulnerability Details

When HorseStore.mintHorse is called, the contract uses totalSupply() as the id of the NFT to be minted. The Huff ERC721 version has a bug: totalSupply is never incremented. The first horse is therefore minted with id 0, but on the next mint the total supply is still 0, and the function reverts because it tries to mint token 0 again.

PoC

function testChecksAfterMint() public {
    vm.prank(alice);
    horseStore.mintHorse();
    assertEq(horseStore.ownerOf(0), alice);
    assertEq(horseStore.tokenOfOwnerByIndex(alice, 0), 0);
    // @audit-issue total supply is not incremented after minting
    // assertEq(horseStore.totalSupply(), 1, "totalSupply");
    assertEq(horseStore.totalSupply(), 0, "totalSupply");
}

Impact

HIGH. Core functionality broken.

Tools Used

Manual review, Foundry.

Recommendations

Increase total supply after each mint, so new tokens can be minted.
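
The PoC above only shows the counter staying at 0; the following added example (not part of the original submission and not the audited Huff code) models the mint path in Solidity to show the second mint reverting and the recommended increment fixing it. MintModel, its incrementOnMint flag and the "ALREADY_MINTED" revert string are hypothetical names chosen for this illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical Solidity model of the mint path; not the audited Huff code.
contract MintModel {
    mapping(uint256 => address) public ownerOf;
    uint256 public totalSupply;
    bool immutable incrementOnMint; // false models the reported bug

    constructor(bool _incrementOnMint) {
        incrementOnMint = _incrementOnMint;
    }

    function mintHorse() external {
        uint256 id = totalSupply; // next id is derived from totalSupply
        require(ownerOf[id] == address(0), "ALREADY_MINTED");
        ownerOf[id] = msg.sender;
        if (incrementOnMint) totalSupply = id + 1; // the recommended fix
    }
}

contract MintModelTest is Test {
    address alice = makeAddr("alice");
    address bob = makeAddr("bob");

    function test_secondMintRevertsWithoutIncrement() public {
        MintModel buggy = new MintModel(false);
        vm.prank(alice);
        buggy.mintHorse();
        assertEq(buggy.totalSupply(), 0); // counter stuck at 0
        vm.prank(bob);
        vm.expectRevert(bytes("ALREADY_MINTED"));
        buggy.mintHorse(); // tries to mint id 0 again
        assertEq(buggy.ownerOf(0), alice);
    }

    function test_secondMintSucceedsWithIncrement() public {
        MintModel fixedModel = new MintModel(true);
        vm.prank(alice);
        fixedModel.mintHorse();
        vm.prank(bob);
        fixedModel.mintHorse();
        assertEq(fixedModel.totalSupply(), 2);
        assertEq(fixedModel.ownerOf(0), alice);
        assertEq(fixedModel.ownerOf(1), bob);
    }
}
```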

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Failure to increment total supply on mint
