https://github.com/Cyfrin/2024-03-kitty-connect/blob/main/src/KittyConnect.sol
KittyConnect::_updateOwnershipInfo
Does Not Update s_ownerToCatsTokenId
of the Previous OwnerDescription: The KittyConnect::_updateOwnershipInfo
function is intended to update the ownership information of an NFT within the NFT bridge protocol. However, it appears that this function does not update the s_ownerToCatsTokenId
mapping for the previous owner of the NFT. This mapping is crucial for tracking the ownership of NFTs across chains, as it links an owner's address to the token ID of their NFT.
Impact: While this issue might not have a major impact on the overall functionality of the bridge, as other functions use multiple checks before bridging or transferring an NFT, it is still important to ensure that the s_ownerToCatsTokenId mapping does not contain incorrect data. Incorrect data in this mapping could cause confusion for users, potentially leading to misinterpretations of ownership and incorrect actions, such as attempting to transfer an NFT to the wrong owner or failing to recognize the current owner of an NFT.
Proof of Concept: There is no need to do any proof of concept because the test suit already has a test function which fails because of this issue.
Recommended Mitigation: Add the following line to _updateOwnershipInfo
function:
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.