Submission Details
Severity:
Totalsupply not updated in `HorseStore.huff` when new horse minted, making it impossible to mint more than one NFT
Description
When a new horse NFT is minted, the MINT_HORSE() nor the _MINT() do update the total supply (TOTAL_SUPPLY storage slot).
Impact
The total supply will remain at the zero value and it won't be possible to mint more than one NFT.
Proof of concept
function testUserCanMintMultipleTokens() public {
uint256 horse1Id = horseStore.totalSupply();
uint256 horse2Id = horse1Id + 1;
vm.prank(user);
horseStore.mintHorse();
vm.prank(user);
horseStore.mintHorse();
assertEq(horseStore.ownerOf(horse1Id), user);
assertEq(horseStore.ownerOf(horse2Id), user);
}
Recommended mitigation
Increment totalSupply when new token minted
#define macro _MINT() = takes (2) returns (0) {
// Input stack: // [to, tokenId]
// Output stack: // []
+ dup2 // [totalSupply, to, tokenId]
+ 0x01 add // [totalSupply+1, to, tokenId]
+ [TOTAL_SUPPLY] // [TOTAL_SUPPLY ,totalSupply+1, to, tokenId]
+ sstore // [to, tokenId]
// Check that the recipient is valid
dup1 iszero invalid_recipient jumpi // [to, tokenId]
Updates
Lead Judging Commences
inallhonesty over 1 year ago
Submission Judgement Published Assigned finding tags:
Failure to increment total supply on mint
Rewards breakdown
nSLOC
460This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.