First Flight #12: Kitty Connect

Beginner Friendly, Foundry, NFT, GameFi
100 EXP
Submission Details
Severity: high
Valid

mintBridgedNFT does not update NFT data correctly

Summary

The mintBridgedNFT function, which is called by the KittyBridge contract in the _ccipReceive() function, is responsible for minting bridged NFTs on the destination chain. However, the function does not update the s_ownerToCatsTokenId mapping, which is used to track the token IDs owned by each user. This leads to an incomplete update of the token data on the new chain, potentially causing inconsistencies and issues with ownership tracking.

Vulnerability Details

When mintBridgedNFT is triggered, a new token is created on the new chain, but the new tokenId is not added to the owner's s_ownerToCatsTokenId array. As a result, the idx field of the CatInfo struct does not get the correct value: idx is generated from the s_ownerToCatsTokenId array, which is meant to track the number of NFTs the user holds, and this function never increases that array's length.

    function mintBridgedNFT(bytes memory data) external onlyKittyBridge {
        (
            address catOwner,
            string memory catName,
            string memory breed,
            string memory imageIpfsHash,
            uint256 dob,
            address shopPartner
        ) = abi.decode(data, (address, string, string, string, uint256, address));
        uint256 tokenId = kittyTokenCounter;
        kittyTokenCounter++;
        s_catInfo[tokenId] = CatInfo({
            catName: catName,
            breed: breed,
            image: imageIpfsHash,
            dob: dob,
            prevOwner: new address[](0),
            shopPartner: shopPartner,
            idx: s_ownerToCatsTokenId[catOwner].length
        });
        emit NFTBridged(block.chainid, tokenId);
        _safeMint(catOwner, tokenId);
    }

Impact

  1. Ownership Tracking Issues: Failing to update the s_ownerToCatsTokenId mapping can result in incorrect ownership information, making it difficult to accurately track which tokens belong to each user on the destination chain.

  2. Data Integrity Concerns: The incomplete update of token data can lead to inconsistencies between the actual token ownership and the recorded data, potentially causing issues with future operations involving those tokens.

  3. User Experience Degradation: Users may experience confusion or unexpected behavior when interacting with their bridged NFTs if the ownership information is incorrect or incomplete.

  4. Potential Security Vulnerabilities: Incomplete or incorrect token data can potentially introduce security vulnerabilities, such as unauthorized access or manipulation of token ownership.

POC

    function mintBridgedNFT(bytes memory data) external onlyKittyBridge {
        (
            address catOwner,
            string memory catName,
            string memory breed,
            string memory imageIpfsHash,
            uint256 dob,
            address shopPartner
        ) = abi.decode(data, (address, string, string, string, uint256, address));
        uint256 tokenId = kittyTokenCounter;
        kittyTokenCounter++;
        s_catInfo[tokenId] = CatInfo({
            catName: catName,
            breed: breed,
            image: imageIpfsHash,
            dob: dob,
            prevOwner: new address[](0),
            shopPartner: shopPartner,
            idx: s_ownerToCatsTokenId[catOwner].length
        });
        // The tokenId should be pushed to s_ownerToCatsTokenId[catOwner] at this point
        emit NFTBridged(block.chainid, tokenId);
        _safeMint(catOwner, tokenId);
    }
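
The effect of the missing push can be checked on a stripped-down model of the bookkeeping. This is an added example, not code from the KittyConnect repository: the contract name, the function names and the mintedTo counter (a stand-in for the ERC721 balance) are hypothetical, and only s_catInfo, s_ownerToCatsTokenId, kittyTokenCounter and idx come from the function above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: models only the owner/token bookkeeping (no ERC721, no bridge).
// Contract name, function names and mintedTo are hypothetical.
contract BridgedMintModel {
    struct CatInfo { uint256 idx; }

    mapping(uint256 => CatInfo) public s_catInfo;
    mapping(address => uint256[]) public s_ownerToCatsTokenId;
    mapping(address => uint256) public mintedTo; // stand-in for the ERC721 balance
    uint256 public kittyTokenCounter;

    // Reported behaviour: idx is read from the array length, tokenId is never pushed.
    function mintWithoutPush(address catOwner) external returns (uint256 tokenId) {
        tokenId = _record(catOwner);
    }

    // Recommended behaviour: same write, followed by the push.
    function mintWithPush(address catOwner) external returns (uint256 tokenId) {
        tokenId = _record(catOwner);
        s_ownerToCatsTokenId[catOwner].push(tokenId);
    }

    function _record(address catOwner) private returns (uint256 tokenId) {
        tokenId = kittyTokenCounter;
        kittyTokenCounter++;
        s_catInfo[tokenId] = CatInfo({idx: s_ownerToCatsTokenId[catOwner].length});
        mintedTo[catOwner]++;
    }

    // Invariant to assert after every mint: the array lists every token minted to
    // the owner, and each token sits at the position its idx field claims.
    function bookkeepingMatches(address catOwner) external view returns (bool) {
        uint256[] storage owned = s_ownerToCatsTokenId[catOwner];
        if (owned.length != mintedTo[catOwner]) return false;
        for (uint256 i = 0; i < owned.length; i++) {
            if (s_catInfo[owned[i]].idx != i) return false;
        }
        return true;
    }
}
```

On a fresh deployment, two mintWithoutPush calls for one owner leave both tokens with idx 0 and bookkeepingMatches returns false; two mintWithPush calls for another owner give idx 0 and 1 and the check returns true.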

Tools Used

VS Code, Foundry and Manual Review

Recommendations

The code should be updated to push the tokenId to s_ownerToCatsTokenId[catOwner].

function mintBridgedNFT(bytes memory data) external onlyKittyBridge {
(
address catOwner,
string memory catName,
string memory breed,
string memory imageIpfsHash,
uint256 dob,
address shopPartner
) = abi.decode(data, (address, string, string, string, uint256, address));
uint256 tokenId = kittyTokenCounter;
kittyTokenCounter++;
s_catInfo[tokenId] = CatInfo({
catName: catName,
breed: breed,
image: imageIpfsHash,
dob: dob,
prevOwner: new address[](0),
shopPartner: shopPartner,
idx: s_ownerToCatsTokenId[catOwner].length
});
+ s_ownerToCatsTokenId[catOwner].push(tokenId);
emit NFTBridged(block.chainid, tokenId);
_safeMint(catOwner, tokenId);
}
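
Review bot: the push added on the `+` line is only correct because of where it sits: idx is read from s_ownerToCatsTokenId[catOwner].length in the CatInfo assignment just above, and that value is the new element's index only if the push happens after the read. Keep the push after the s_catInfo assignment and before _safeMint, add a short comment stating that ordering, and cover it with a test that bridges two NFTs to the same owner and checks that the array length grows by one each time and that each stored idx matches the token's position in the array.
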
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

owner's token ID array not updated in `mintBridgedNFT`
