NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

No checks on req.ids.len() and req.uris.len()

Summary

No checks on req.ids.len() and req.uris.len().

Vulnerability Details

The issue arises from the way the function handles token IDs and their corresponding URIs (Uniform Resource Identifiers).

The function loops through req.ids to process each token:

let mut i = 0;
loop {
    if i == req.ids.len() {
        break ();
    }

https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/starknet/src/bridge.cairo#L146C8-L150C14

Inside this loop, there's a condition to check if URIs are provided:

if (req.uris.len() != 0) {
    let token_uri = req.uris[i];
    IERC721BridgeableDispatcher { contract_address: collection_l2 }
        .mint_from_bridge_uri(to, token_id, token_uri.clone());
} else {
    IERC721BridgeableDispatcher { contract_address: collection_l2 }
        .mint_from_bridge(to, token_id);
}

https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/starknet/src/bridge.cairo#L163C16-L170C18

Now, if req.uris.len() is non-zero but less than req.ids.len(), then once i reaches req.uris.len() the code tries to access req.uris[i], which does not exist. Conversely, if req.uris.len() is greater than req.ids.len(), the extra URIs are silently left unprocessed.

Impact

This could cause a runtime error or unexpected behavior, or leave some URIs unprocessed.

Tools Used

Manual review

Recommendations

Add a check to ensure that req.ids.len() equals req.uris.len() when URIs are provided.
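The following is an added illustration, not the project's Cairo code: a Rust model of the mint loop quoted above, with the reported unchecked loop next to the recommended length validation. `ids` and `uris` stand in for req.ids and req.uris, and the ERC721 dispatcher calls are replaced by recorded `Mint` values so the behaviour can be observed offline.

```rust
// Added example (not the ark-project code): models the bridge mint loop in Rust.
// Mint calls are recorded instead of dispatched to an ERC721 contract.

#[derive(Debug, PartialEq)]
pub enum Mint {
    WithUri(u64, String), // models mint_from_bridge_uri(to, token_id, token_uri)
    WithoutUri(u64),      // models mint_from_bridge(to, token_id)
}

/// Unchecked loop mirroring the reported code. When 0 < uris.len() < ids.len(),
/// `uris[i]` is indexed past its end and the call panics (the Cairo span index
/// aborts the same way). When uris.len() > ids.len(), the surplus URIs are
/// silently ignored.
pub fn mint_unchecked(ids: &[u64], uris: &[String]) -> Vec<Mint> {
    let mut out = Vec::new();
    let mut i = 0;
    loop {
        if i == ids.len() {
            break;
        }
        if !uris.is_empty() {
            out.push(Mint::WithUri(ids[i], uris[i].clone()));
        } else {
            out.push(Mint::WithoutUri(ids[i]));
        }
        i += 1;
    }
    out
}

/// Recommended validation: when URIs are supplied there must be exactly one per id.
/// The error label is a constructed placeholder, not a name from the project.
pub fn validate_request(ids: &[u64], uris: &[String]) -> Result<(), &'static str> {
    if !uris.is_empty() && uris.len() != ids.len() {
        return Err("URIS_LEN_MISMATCH");
    }
    Ok(())
}

/// Hardened entry point: reject a malformed request before any mint happens.
pub fn mint_checked(ids: &[u64], uris: &[String]) -> Result<Vec<Mint>, &'static str> {
    validate_request(ids, uris)?;
    Ok(mint_unchecked(ids, uris))
}
```

Running the unchecked version with two ids and one URI panics on the second iteration; the checked version returns the error instead and mints nothing.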

Updates

Lead Judging Commences

n0kto Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational / Gas

Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.
