NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

`erc721_bridgeable::mint_range` is not checking if the `end` is greater than `start`

Vulnerability Details

There is a method called `mint_range` in the custom implementation of ERC721 on L2 that can be used by the owner to mint more than one NFT at a time.

erc721_bridgeable.cairo#L141-L150

fn mint_range(ref self: ContractState, to: ContractAddress, start: u256, end: u256) {
    // @audit no check that end is greater than start
    let mut token_id = start;
    loop {
        if token_id == end {
            break ();
        }
        self.mint(to, token_id);
        token_id += 1_u256;
    }
}

As we can see, there is no check that `end` is greater than `start`, which is not a normal thing to leave unchecked when doing sequential operations like minting tokens in order.

If `end` equals `start` we will end up not minting anything, as the `end` is not included in this implementation of the function. If `end` is smaller than `start`, the loop will run indefinitely, which will make our tx go OOG.
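The three cases above (forward range, empty range, reversed range), as an added example that is not the project's code: a Rust model of the `mint_range` loop in which an assumed per-call gas budget stands in for Starknet's execution limit, alongside the hardened variant that applies the recommended `end > start` check before touching state.

```rust
// Added example (not from the NFTBridge code base): models the L2 mint_range
// loop over a half-open range [start, end). `gas` is an assumed budget where
// each mint costs one unit, so a reversed range exhausts it instead of
// spinning forever.

#[derive(Debug, PartialEq)]
pub enum MintError {
    BadRange, // hardened version: end <= start rejected before any work
    OutOfGas, // original version: reversed range spins until gas runs out
    Overflow, // u256 addition in Cairo panics on overflow; modelled on u128 here
}

/// Original behaviour: no ordering check on (start, end).
pub fn mint_range_unchecked(start: u128, end: u128, gas: u64) -> Result<Vec<u128>, MintError> {
    let mut minted = Vec::new();
    let mut token_id = start;
    let mut gas_left = gas;
    loop {
        if token_id == end {
            break;
        }
        if gas_left == 0 {
            return Err(MintError::OutOfGas);
        }
        gas_left -= 1;
        minted.push(token_id); // stands in for self.mint(to, token_id)
        token_id = token_id.checked_add(1).ok_or(MintError::Overflow)?;
    }
    Ok(minted)
}

/// Hardened behaviour: the recommended `assert(end > start)` up front.
pub fn mint_range_checked(start: u128, end: u128, gas: u64) -> Result<Vec<u128>, MintError> {
    if end <= start {
        return Err(MintError::BadRange);
    }
    mint_range_unchecked(start, end, gas)
}

fn main() {
    println!("{:?}", mint_range_unchecked(5, 8, 100)); // Ok([5, 6, 7])
    println!("{:?}", mint_range_unchecked(5, 5, 100)); // Ok([])
    println!("{:?}", mint_range_unchecked(8, 5, 100)); // Err(OutOfGas)
    println!("{:?}", mint_range_checked(8, 5, 100)); // Err(BadRange)
}
```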

Recommendations

Check that the end is greater than start

diff --git a/apps/blockchain/starknet/src/token/erc721_bridgeable.cairo b/apps/blockchain/starknet/src/token/erc721_bridgeable.cairo
index 9ec9419..466d51e 100644
--- a/apps/blockchain/starknet/src/token/erc721_bridgeable.cairo
+++ b/apps/blockchain/starknet/src/token/erc721_bridgeable.cairo
@@ -139,6 +139,7 @@ mod erc721_bridgeable {
}
fn mint_range(ref self: ContractState, to: ContractAddress, start: u256, end: u256) {
+ assert(end > start, 'end should be > start');
let mut token_id = start;
loop {
if token_id == end {
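Review bot: the added `assert(end > start, 'end should be > start');` also rejects `end == start`, which the write-up above describes as a harmless empty mint; if an empty range should remain callable, `assert(end >= start, ...)` is enough, since the loop already terminates immediately in that case. The check still leaves `end - start` unbounded, so an oversized forward range runs out of gas just as before; because `mint_range` is owner-only this is an operator concern rather than a vulnerability, but it is worth a doc comment stating that the range is half-open and that the caller is responsible for sizing it. Note also that the hunk header announces seven lines of new context while the quoted hunk stops at `if token_id == end {`, so the trailing context lines did not survive extraction.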
Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational / Gas

Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity. A PoC always helps to understand the real impact possible.
