First Flight #7: Horse Store
First Flight #7
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Only 1 Horse NFT can be minted on the HorseStore.huff contract

coffee

Summary

In the 'HorseStore.huff::MINT_HORSE' function, TOTAL_SUPPLY is not being correctly gathered. This causes the function to not work after being called the first time.

Vulnerability Details

In the 'HorseStore.huff::MINT_HORSE' function the TOTAL_SUPPLY constant is being used instead of calling the GET_TOTAL_SUPPLY() function. Without calling this function, TOTAL_SUPPLY will stay at zero.

This will result in the function trying to mint tokenId 0 everytime MINT_HORSE is called.

The GET_TOTAL_SUPPLY() function needs to be called when minting an NFT so that TOTAL_SUPPLY increments after each token its minted.

Impact

The below test will fail when trying to mint the second NFT

function testMintMultiple() public {
uint256 horseId = horseStore.totalSupply();
vm.warp(10);
vm.roll(10);
vm.prank(user);
horseStore.mintHorse();
uint256 horseId2 = horseStore.totalSupply();
vm.prank(user2);
horseStore.mintHorse();
uint256 lastFedTimeStamp = block.timestamp;
horseStore.feedHorse(horseId);
horseStore.feedHorse(horseId2);
assertEq(horseStore.horseIdToFedTimeStamp(horseId), lastFedTimeStamp);
assertEq(horseStore.horseIdToFedTimeStamp(horseId2), lastFedTimeStamp);
}

Tools Used

--Foundry

Recommendations

It is recommended to change the MINT_HORSE() function so that it calls the GET_TOTAL_SUPPLY() function when minting a new NFT

#define macro MINT_HORSE() = takes (0) returns (0) {
- [TOTAL_SUPPLY] // [TOTAL_SUPPLY]
+ GET_TOTAL_SUPPLY() // [TOTAL_SUPPLY]
caller // [msg.sender, TOTAL_SUPPLY]
_MINT() // []
stop // []
}
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Failure to properly load the totalSupply in Huff

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.