Lack of tokenId Check in mintRapper() Function Allows Duplicate Token Issuance
Summary
The mintRapper() function in OneShot.sol facilitates the minting of new ERC-721 tokens representing rappers, initializes their metadata, and ensures safety in the minting process through the _safeMint() function. However, the lack of a check to ensure that the token ID is unique before minting leaves the contract vulnerable to issuance of duplicate tokens.
Vulnerability Details
According to openzeppelin Docs for ERC721URIStorage:
Example:
In the mint() function above, the lastToken variable is updated after minting a new token, ensuring that each subsequent mint operation uses a unique tokenId. This pattern is crucial for maintaining the uniqueness of each token ID within the ERC721 contract.
However, in the mintRapper() function, there is no explicit update to a similar variable (like _nextTokenId in mint() function above) to track the last minted token ID. This oversight can lead to potential issues, such as minting the same tokenId multiple times, which is not desirable in ERC721 tokens as each token ID should be unique.
Impact
It can lead to unexpected behavior when interacting with tokens, such as incorrect metadata retrieval or unexpected ownership transfers.
Tools Used
Manual Review
Recommendations
To mitigate this vulnerability, the _safeMint() function should include a check to ensure that the tokenId does not already exist before minting the token.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.