The mint_range function in the ERC721BridgeableMintableImpl contract lacks proper validation for the input parameters start and end. If end < start, the function enters an infinite loop, consuming all the gas provided for the transaction without successfully minting any tokens.
The mint_range function is intended to mint tokens within a specified range, from start to end. However, there is no check to ensure that start is less than or equal to end. The loop inside the function relies on this assumption:
If end < start, the loop will never break because token_id will continue to increment indefinitely without ever equaling end. As a result, the function will consume all the gas allocated for the transaction, leading to a failed transaction and significant gas loss.
When mint_range is called with end < start (accidentally or otherwise), the infinite loop consumes all the gas allocated for the transaction.
Manual Review
Consider implementing a validation check at the beginning of the mint_range function to ensure that start is less than or equal to end.
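The effect of the recommended check can be seen in a small gas-metered model, added here as an illustration and not taken from the ERC721BridgeableMintableImpl contract. The loop shape (break only when token_id equals end), the gas figures and the name run_tx are assumptions made for the example.

```python
# Model of a range-minting loop under a gas budget (constructed example).
GAS_PER_STEP = 1_000   # assumed cost of one loop iteration (compare + mint)
GAS_PER_CHECK = 10     # assumed cost of the up-front start <= end check


def run_tx(start, end, gas_limit, validate):
    """Model one transaction.

    Returns (status, gas_charged, minted_ids). When the budget runs out,
    the whole budget is charged and the mints are rolled back.
    """
    gas, minted = 0, []

    if validate:
        # Recommended fix: reject an inverted range before the loop starts.
        gas += GAS_PER_CHECK
        if start > end:
            return ("reverted: start > end", gas, [])

    token_id = start
    while token_id != end:          # exits only on equality, as described above
        gas += GAS_PER_STEP
        if gas > gas_limit:
            return ("out of gas", gas_limit, [])
        minted.append(token_id)
        token_id += 1
    return ("ok", gas, minted)


if __name__ == "__main__":
    budget = 100_000
    for label, validate in (("unchecked", False), ("checked", True)):
        print(label, "valid range   ->", run_tx(5, 8, budget, validate))
        print(label, "inverted range ->", run_tx(8, 5, budget, validate))
```

With the check in place an inverted range costs only the comparison, while the unchecked version spends the entire budget and mints nothing.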
Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.