First Flight #7: Horse Store
First Flight #7
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

Inconsistency in Minting Behavior between Solidity and Huff Versions of NFT Contract

0x4non

Summary

The Horse Store exhibits a critical functional discrepancy between its Solidity and Huff implementations concerning the minting process. While the Solidity version employs a safeMint function, ensuring compliance with ERC721's safety checks, the Huff version uses an equivalent to the _mint function, which lacks these safety measures.

Vulnerability Details

The issue arises due to the differing implementations of the minting function in the two versions of the contract:

  1. Solidity Version (safeMint): This function performs a safety check by triggering the onERC721Received callback when transferring a newly minted NFT to a contract. This check ensures that the receiving contract is capable of handling ERC721 tokens, thus preventing tokens from being locked in contracts that do not support them.

  2. Huff Version (_mint Equivalent): This implementation does not invoke the onERC721Received callback. As a result, it lacks the safety mechanism to verify whether the recipient contract can handle ERC721 tokens.

Impact

The absence of safety checks in the Huff version poses a significant risk. NFTs could be inadvertently transferred to contracts that do not support the ERC721 standard, potentially resulting in the permanent loss of those assets. This undermines the security and reliability of the NFT contract, potentially affecting user trust and the contract's integrity.

Tools Used

The issue was identified through a Proof of Concept (PoC).

Recommendations

To address this issue, it is recommended to update the Huff version of the NFT contract to include a safe minting function akin to safeMint in Solidity. This function should ensure the onERC721Received callback is properly called during the minting process.

Implementing these changes is crucial for aligning the Huff version with the expected standards of ERC721 and ensuring the security and reliability of the NFT minting process.

POC

// SPDX-License-Identifier: MIT
pragma solidity 0.8.20;
import {Test, console2} from "forge-std/Test.sol";
import {HuffDeployer} from "foundry-huff/HuffDeployer.sol";
import {HorseStore} from "../src/HorseStore.sol";
import {IERC721Enumerable} from "@openzeppelin/contracts/token/ERC721/extensions/IERC721Enumerable.sol";
contract MixedHuffTest is Test {
string public constant NFT_NAME = "HorseStore";
string public constant NFT_SYMBOL = "HS";
string public constant horseStoreLocation = "HorseStore";
HorseStore horseStoreHuff;
HorseStore horseStoreSol;
function setUp() public {
horseStoreSol = new HorseStore();
horseStoreHuff = HorseStore(
HuffDeployer.config().with_args(bytes.concat(abi.encode(NFT_NAME), abi.encode(NFT_SYMBOL))).deploy(
horseStoreLocation
)
);
}
function testMint() public {
vm.warp(10);
vm.roll(10);
// this contract is not a valid ERC721 Receiver therefore this should revert
vm.expectRevert();
horseStoreSol.mintHorse();
// this contract is not a valid ERC721 Receiver therefore this should revert
vm.expectRevert();
horseStoreHuff.mintHorse();
}
}
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Components of ERC721 not properly (or at all) implemented in HUFF

0x4non Submitter
over 1 year ago
inallhonesty Lead Judge
over 1 year ago
inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Components of ERC721 not properly (or at all) implemented in HUFF

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.