Tags: Beginner Friendly, Foundry, NFT
Submission Details
Severity: high
Invalid

Lack of tokenId Check in mintRapper() Function Allows Duplicate Token Issuance

Summary

The mintRapper() function in OneShot.sol mints a new ERC-721 token representing a rapper, initializes the token's metadata, and relies on _safeMint() for a safe transfer to the recipient. However, the absence of a check that the tokenId is unique before minting leaves the contract open to issuing duplicate tokens.

Vulnerability Details

    function mintRapper() public {
        uint256 tokenId = _nextTokenId++;
@>      _safeMint(msg.sender, tokenId); //@audit Missing tokenId check
        // Initialize metadata for the minted token
        rapperStats[tokenId] =
            RapperStats({weakKnees: true, heavyArms: true, spaghettiSweater: true, calmAndReady: false, battlesWon: 0});
    }

According to the OpenZeppelin docs for ERC721URIStorage:

Requirements:
- tokenId must not exist.

Example:

    function mint() external returns (address vault, uint256 tokenId) {
        tokenId = lastToken + 1;
        _safeMint(msg.sender, tokenId);
@>      lastToken = tokenId;
    }

In the mint() function above, lastToken is updated after each new token is minted, so every subsequent mint uses a fresh tokenId. This pattern is what keeps token IDs unique within an ERC721 contract.

However, in the mintRapper() function there is no explicit update to a similar variable (like _nextTokenId in the mint() function above) that tracks the last minted token ID. This can lead to the same tokenId being minted more than once, which is undesirable in ERC721 tokens because each token ID should be unique.

Impact

It can lead to unexpected behavior when interacting with tokens, such as incorrect metadata retrieval or unexpected ownership transfers.

Tools Used

Manual Review

Recommendations

To mitigate this vulnerability, the minting path around _safeMint() should check that the tokenId does not already exist before the token is minted.
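The following Foundry test is an added example, not code from the OneShot project or from this report. It exercises the two properties the Vulnerability Details and Recommendations sections turn on: whether the `_nextTokenId++` pattern hands out distinct, strictly increasing IDs across calls, and what OpenZeppelin's ERC721 does when `_safeMint()` is asked for an id that already has an owner. The `CounterMinter` contract is a constructed stand-in that reproduces only the minting pattern quoted above; it assumes a Foundry project with `forge-std` and `@openzeppelin/contracts` remapped, and the `mintRaw()` hook exists solely so the test can reach `_safeMint()` without going through the counter.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";

/// Constructed stand-in for the minting pattern quoted in the report.
/// It is NOT the project's OneShot.sol; it keeps only the
/// `_nextTokenId++` followed by `_safeMint` sequence.
contract CounterMinter is ERC721 {
    uint256 private _nextTokenId;

    constructor() ERC721("Rapper", "RAP") {}

    function mintRapper() public returns (uint256 tokenId) {
        // Post-increment: the current value is used, the storage slot is bumped.
        tokenId = _nextTokenId++;
        _safeMint(msg.sender, tokenId);
    }

    /// Test-only hook (assumption for this example) that bypasses the
    /// counter so the test can observe ERC721's own existence check.
    function mintRaw(address to, uint256 tokenId) external {
        _safeMint(to, tokenId);
    }
}

contract CounterMinterTest is Test {
    CounterMinter minter;
    address alice = makeAddr("alice");
    address bob = makeAddr("bob");

    function setUp() public {
        minter = new CounterMinter();
    }

    /// Two callers minting back to back receive ids 0 and 1, each owned by its minter.
    function test_consecutiveMintsGetDistinctIds() public {
        vm.prank(alice);
        uint256 first = minter.mintRapper();
        vm.prank(bob);
        uint256 second = minter.mintRapper();

        assertEq(first, 0);
        assertEq(second, 1);
        assertEq(minter.ownerOf(0), alice);
        assertEq(minter.ownerOf(1), bob);
    }

    /// ERC721 keeps an owner per id; minting an id that already has an owner
    /// reverts inside OpenZeppelin's _mint (ERC721InvalidSender in v5,
    /// "ERC721: token already minted" in v4), so no explicit pre-check is needed.
    function test_mintingExistingIdReverts() public {
        vm.prank(alice);
        uint256 id = minter.mintRapper();

        vm.expectRevert();
        minter.mintRaw(bob, id);
    }

    /// Fuzz: for any number of mints, each id is exactly the previous id plus one.
    function testFuzz_counterNeverRepeats(uint8 n) public {
        uint256 prev = 0;
        for (uint256 i = 0; i < n; i++) {
            vm.prank(alice);
            uint256 id = minter.mintRapper();
            if (i > 0) assertEq(id, prev + 1);
            prev = id;
        }
    }
}
```

Run with `forge test --match-contract CounterMinterTest -vv`. The revert in the second test comes from the ERC721 base contract itself, which is the "tokenId must not exist" requirement quoted from the OpenZeppelin docs being enforced at mint time; the fuzz test shows the counter is the mechanism that keeps mintRapper() from ever reaching that revert.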

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
