Beginner FriendlyFoundryNFT
100 EXP
View results
Submission Details
Severity: high
Valid

`HuffingStore.huff::MINT_HORSE` doesn't load storage which breaks the function

Description

The HuffingStore.huff::MINT_HORSE function forgets to load storage after obtaining the slot number, resulting in passing this number (0) instead of utilizing the real value from totalSupply().

#define macro MINT_HORSE() = takes (0) returns (0) {
[TOTAL_SUPPLY] // [TOTAL_SUPPLY]
@>
caller // [msg.sender, TOTAL_SUPPLY]
_MINT() // []
stop // []
}

Impact

The consequence is the impossibility to mint more than one horse.

Proof of Concept

Foundry PoC
function testMultiMint() public {
vm.startPrank(user);
horseStore.mintHorse();
// will revert with ALREADY_MINTED error
horseStore.mintHorse();
vm.stopPrank();
}

Recommended Mitigation

To address this issue, add the sload instruction after placing the slot number on the stack.

#define macro MINT_HORSE() = takes (0) returns (0) {
[TOTAL_SUPPLY] // [TOTAL_SUPPLY]
+ sload // [totalSupply]
- caller // [msg.sender, TOTAL_SUPPLY]
+ caller // [msg.sender, totalSupply]
_MINT() // []
stop // []
}
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Failure to properly load the totalSupply in Huff

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.