The HorseStore.huff::MINT_HORSE() macro lacks the calculation needed to increase the total supply each time a new NFT is minted, which leaves the protocol unable to mint new NFTs. Additionally, the total supply value is never pushed onto the stack as the tokenId; instead, the address of the storage slot is used.
The vulnerability is within the MINT_HORSE macro, with additional details provided in the following lines of code.

The absence of a correct calculation of the total supply value used to generate the tokenId renders the protocol incapable of minting new NFTs. Employing the address of the TOTAL_SUPPLY slot rather than its value means every call passes the same constant as the tokenId, which triggers the ALREADY_MINTED validation each time a new NFT is attempted to be minted after the first one.
Stateful fuzzing with Foundry and manual review
Consider incorporating sload to load the value of TOTAL_SUPPLY onto the stack. Additionally, introduce an INCREASE_SUPPLY macro to increment the value of TOTAL_SUPPLY by 1.

INCREASE_SUPPLY is the macro used to increase the value of TOTAL_SUPPLY by 1.
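The vulnerable macro as the finding describes it, beside the corrected form that uses sload and an INCREASE_SUPPLY macro, as an added illustration rather than the project's own code. It assumes a huffmate-style ERC721 _MINT() macro that takes [to, tokenId] with `to` on top of the stack and reverts with ALREADY_MINTED when the token already has an owner, and a TOTAL_SUPPLY storage constant declared as below.

```huff
// Assumed storage layout: one slot holding the running count of minted horses.
#define constant TOTAL_SUPPLY = FREE_STORAGE_POINTER()

// Vulnerable form described in the finding: [TOTAL_SUPPLY] pushes the slot
// number, not the stored value, so every call uses the same tokenId and the
// supply is never incremented. The second call reverts with ALREADY_MINTED.
#define macro MINT_HORSE_VULNERABLE() = takes (0) returns (0) {
    [TOTAL_SUPPLY]          // [slot]               slot number, never loaded
    caller                  // [msg.sender, slot]
    _MINT()                 // []                   tokenId == slot on every call
    stop
}

// Recommended helper (assumed name from the finding): TOTAL_SUPPLY += 1.
#define macro INCREASE_SUPPLY() = takes (0) returns (0) {
    [TOTAL_SUPPLY] sload    // [totalSupply]
    0x01 add                // [totalSupply + 1]
    [TOTAL_SUPPLY] sstore   // []
}

// Corrected form: load the stored value for the tokenId, mint, then bump it.
#define macro MINT_HORSE() = takes (0) returns (0) {
    [TOTAL_SUPPLY] sload    // [totalSupply]        actual value, not the slot
    caller                  // [msg.sender, totalSupply]
    _MINT()                 // []                   mints tokenId == totalSupply
    INCREASE_SUPPLY()       // []                   next call gets a fresh id
    stop
}
```

A stateful Foundry fuzz test that mints twice from different callers and asserts totalSupply() == 2 distinguishes the two forms: the vulnerable macro reverts on the second mint, the corrected one does not.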