ArkProject: NFT Bridge
ArkProject
NFTBridge
60,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Incorrect Token Range Minting Logic in `mint_range()` Function

0xshoonya

Summary

The mint_range function in the erc721_bridgeable.cairocontract contains a logic error that results in the exclusion of the upper bound token ID when minting a range of tokens. This leads to fewer tokens being minted than intended, potentially causing discrepancies in token distribution and bridge operations.

Vulnerability Details

The mint_range function is designed to mint a range of ERC721 tokens from a start ID to an end ID. However, the current implementation uses an exclusive upper bound check, which causes the function to terminate before minting the token with the ID equal to the end parameter.
The problematic code snippet is:

fn mint_range(ref self: ContractState, to: ContractAddress, start: u256, end: u256) {
let mut token_id = start;
loop {
@> if token_id == end {
break ();
}
self.mint(to, token_id);
token_id += 1_u256;
}
}

In this loop, the break condition if token_id == end is checked before minting the token. As a result, when token_id reaches the value of end, the loop terminates without minting that final token.

Impact

The function will consistently mint one less token than expected. For example, if called with start = 1 and end = 10, it will mint tokens 1 through 9, omitting token 10.

Tools Used

Manual Review

Recommendations

fn mint_range(ref self: ContractState, to: ContractAddress, start: u256, end: u256) {
+ assert(start <= end, 'Invalid range');
let mut token_id = start;
loop {
+ self.mint(to, token_id);
if token_id == end {
break ();
}
- self.mint(to, token_id);
token_id += 1_u256;
}
}
Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.