Submission Details
Severity: medium
Valid

NFT paintings are not equally distributed

Summary

The protocol documentation promises: "get a cool account abstraction wallet, with a random Mondrian art painting!". However, the code at Lines 165-174 of MondrianWallet.sol does not distribute the four paintings equally.

Vulnerability Details

One of the four paintings is assigned based on the token ID taken modulo 10 at Line 165: uint256 modNumber = tokenId % 10;. This gives 10 possible values for the modNumber variable. In the following lines, value 0 selects the first painting, 1 the second, 2 the third, and all the other 7 values select the fourth painting. This leads to a probability of 70% for getting the fourth painting.

Impact

This happens on each MondrianWallet creation. 70% of the created wallets are expected to have the fourth art painting.

Tools Used

Manual Review

Recommendations

Change the modulus to 4 on Line 165 so that it is defined as uint256 modNumber = tokenId % 4;.
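The selection logic described above, next to the recommended form, as an added example that is not the project's MondrianWallet.sol. The contract name, the function names and the 0..3 painting indices are assumptions made for illustration, and histogram assumes token ids are spread evenly over 0..n-1.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration reconstructed from the finding's description.
/// Paintings are represented by an index 0..3 (assumption; the real
/// contract's painting identifiers are not shown on this page).
contract PaintingDistribution {
    /// Selection as the finding describes it: tokenId % 10, where residues
    /// 0, 1 and 2 pick the first three paintings and residues 3..9 all
    /// fall through to the fourth.
    function paintingReported(uint256 tokenId) public pure returns (uint256) {
        uint256 modNumber = tokenId % 10;
        if (modNumber == 0) return 0;
        if (modNumber == 1) return 1;
        if (modNumber == 2) return 2;
        return 3;
    }

    /// Selection after the recommended change: tokenId % 4, so each of the
    /// four residues maps to exactly one painting.
    function paintingRecommended(uint256 tokenId) public pure returns (uint256) {
        uint256 modNumber = tokenId % 4;
        if (modNumber == 0) return 0;
        if (modNumber == 1) return 1;
        if (modNumber == 2) return 2;
        return 3;
    }

    /// Counts how many of the token ids 0..n-1 land on each painting,
    /// using either the reported or the recommended selection.
    function histogram(uint256 n, bool recommended)
        public
        pure
        returns (uint256[4] memory counts)
    {
        for (uint256 id = 0; id < n; id++) {
            uint256 p = recommended
                ? paintingRecommended(id)
                : paintingReported(id);
            counts[p]++;
        }
    }
}
```

Calling histogram with the same n for both settings lets a test compare the per-painting counts directly.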

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

NFT's should have equal distribution
