Implementation of the HorseStore.huff::MINT_HORSE()
function does not increment the total supply used to determine the token ID, causing Denial-of-Service (DoS) as it allows only one NFT to be minted.
When minting a horse NFT, assigning a unique token ID to each minted NFT is crucial. In the case of the HorseStore.huff::MINT_HORSE()
function, the total supply value is used to determine the token ID. However, the total supply value is never updated. As a result, after the first successful mint, any attempts to mint a new token will fail with an error message ALREADY_MINTED
indicating that the token has already been minted.
Only one NFT can ever be minted.
Add the next test in HorseStoreHuff.t.sol
.
Run a test with forge test --mt test_MintingHorseRevertsAfterFirstSuccessfulMint
.
Foundry
NOTE: The mitigation recommended for the current finding includes the mitigation recommended for the finding related to the total supply value not being loaded properly.
The total supply value should be incremented on every successful mint.
Recommended changes to HorseStore.huff::MINT_HORSE()
function:
Add the next test in HorseStoreHuff.t.sol
.
Run a test with forge test --mt test_MintMultipleHorses
.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.