First Flight #12: Kitty Connect

Beginner Friendly, Foundry, NFT, GameFi
100 EXP
Submission Details
Severity: high
Invalid

"kittyTokenCounter" is only increasing and never decreasing

Summary

"kittyTokenCounter" is only increasing and never decreasing.

Vulnerability Details

"kittyTokenCounter" is only increasing and never decreasing, even when we are burning/transferring tokens from this contract to another, meaning we will have some owners with s_ownerToCatsTokenId = (10,20,13,6,3), meaning this array is not guaranteed to be ordinal and in sequence. Therefore this piece of code will break the business logic:

    if (idx < (userTokenIds.length - 1)) {
        s_ownerToCatsTokenId[msg.sender][idx] = lastItem;
    }

This finding was previously submitted with "s_ownerToCatsTokenId" being in sequence; it is possible for them not to be in sequence, and therefore for idx to be much larger than "s_ownerToCatsTokenId.length", meaning it will never go into the if, therefore never removing the "idx" that we are burning and again losing an NFT for the owner.

Impact

High, since the owner of the NFT loses one of his NFTs and remains with a reference to the id of the one that is burned.

Tools Used

Manual review.

Recommendations

Remove the if and do the following:

    if (lastItem != idx) {
        s_ownerToCatsTokenId[msg.sender].pop();
        s_ownerToCatsTokenId[msg.sender][idx] = lastItem;
    } else {
        s_ownerToCatsTokenId[msg.sender].pop();
    }

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
hashov Submitter
over 1 year ago
