NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

An L1 NFT counterpart of an L2 NFT can be created with name "" and symbol ""

Summary

A potential issue exists where an L1 NFT counterpart of an L2 NFT can be created with an empty name and symbol.

Vulnerability Details

If the contract of an NFT to be deployed is known, a user can call this function even before the NFT contract is deployed, which will lead to Option::None here. The user can pass an empty array of token_ids, and the NFT will be created on L1 with name "" and symbol "".

Locations:

  • https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/starknet/src/bridge.cairo#L266-L270

Impact

The probability of this issue occurring is high, and the impact is also high. It could lead to the creation of invalid NFTs on L1, potentially damaging user trust and causing significant issues within the NFT ecosystem.

Tools Used

  • Manual code review

Recommendations

  • Check that token_ids.len is greater than 0; revert if not.

  • Revert if the result is Option::None:

    let (name, symbol, base_uri, uris) = match erc721_metadata {
        Option::Some(data) => (data.name, data.symbol, data.base_uri, data.uris),
        Option::None => {
            assert(false, 'ERC721 metadata not found');
            (array![], array![], array![], array![])
        }
    };

Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

invalid-empty-tokenIds-starknet-side

No real impact. The attacker will have to pay for the deployment of the new contract even with 0 tokens, and won't have any interest in doing that since he won't take control of the contract.
