When bridging, users can lose their Kitties because of a missing state update when the bridged Kitty gets minted.
The mintBridgedNFT function is designed to mint a new Kitty token upon receiving a CCIP message from another chain. It assigns the next available index (idx) for the newly minted Kitty, but it does not update the owner's token ID array (s_ownerToCatsTokenId[catOwner]). This oversight can lead to scenarios where two tokens claim the same index position, undermining the integrity of token ownership tracking within the contract.
All of the bridged Kitties become unavailable upon arrival, because they will either:
- occupy unavailable indexes (because index = s_ownerToCatsTokenId[catOwner].length isn't reachable yet), or
- overwrite/be overwritten by newly minted Kitties at that exact index, which would cause losses of all Kitties at the same index when bridging to a new chain via bridgeNftToAnotherChain.
Foundry
Add the following code to the KittyTest.t.sol file:
Ensure that every token minting operation, including those initiated through the mintBridgedNFT function, correctly updates the s_ownerToCatsTokenId mapping to reflect the new token ID.
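A simplified model of the index bookkeeping, added here as an example and not taken from the audited contract, showing the mint path without the array update next to the corrected one, plus an invariant a Foundry test can assert after every mint. The names s_ownerToCatsTokenId, idx and catOwner follow the finding; idxOf, tokenCounter, mintBridgedVulnerable, mintBridgedFixed and isTracked are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration: a simplified model of the idx bookkeeping,
/// not the audited contract.
contract KittyIndexModel {
    // Name from the finding: owner => list of owned token IDs.
    mapping(address => uint256[]) public s_ownerToCatsTokenId;
    // Hypothetical stand-ins for the per-token idx field and the ID counter.
    mapping(uint256 => uint256) public idxOf;
    uint256 public tokenCounter;

    // Behaviour described in the finding: idx is read from the array length,
    // but the array is never extended, so the next mint for the same owner
    // reads the same length and receives the same idx.
    function mintBridgedVulnerable(address catOwner) external returns (uint256 tokenId) {
        tokenId = tokenCounter++;
        idxOf[tokenId] = s_ownerToCatsTokenId[catOwner].length;
        // missing: s_ownerToCatsTokenId[catOwner].push(tokenId);
    }

    // Recommended behaviour: record idx, then push the token ID so that
    // s_ownerToCatsTokenId[catOwner][idx] == tokenId holds.
    function mintBridgedFixed(address catOwner) external returns (uint256 tokenId) {
        tokenId = tokenCounter++;
        idxOf[tokenId] = s_ownerToCatsTokenId[catOwner].length;
        s_ownerToCatsTokenId[catOwner].push(tokenId);
    }

    // Invariant for tests: the token's idx must point at the token itself
    // inside its owner's array. False after the vulnerable path.
    function isTracked(address catOwner, uint256 tokenId) external view returns (bool) {
        uint256[] storage ids = s_ownerToCatsTokenId[catOwner];
        uint256 i = idxOf[tokenId];
        return i < ids.length && ids[i] == tokenId;
    }
}
```

Calling mintBridgedVulnerable twice for the same owner leaves both tokens with idx 0 and isTracked false for each; after mintBridgedFixed the two tokens get idx 0 and 1 and isTracked returns true.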