The erc721_bridgeable.cairo::mint_range function is designed to mint multiple ERC721 tokens with consecutive token IDs. However, the loop within the function will not break if the start parameter is greater than the end parameter.
The loop is designed to break only when token_id is equal to end. If incorrect arguments are provided where start is greater than end, the loop will never break because the break condition will never be met.
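The loop shape described above, next to a guarded version, as an added Cairo example that is not the project's source. The function names are hypothetical, appending to an array stands in for the mint call, and the example assumes the equality check runs before each mint, so end is exclusive.

```cairo
// Added example: models the loop described in the finding, not the project's code.
// Assumption: the equality check runs before each mint, so `end` is exclusive.

// Pattern described in the finding: the only exit is token_id == end.
// With start > end, token_id moves away from end and that exit is never reached.
fn ids_equality_break(start: u256, end: u256) -> Array<u256> {
    let mut ids: Array<u256> = array![];
    let mut token_id = start;
    loop {
        if token_id == end {
            break;
        }
        ids.append(token_id); // stands in for minting token_id
        token_id += 1;
    };
    ids
}

// Guarded form: reject an inverted range up front and bound the loop with `<`,
// so it terminates for every input even if the assert is later removed.
fn ids_checked(start: u256, end: u256) -> Array<u256> {
    assert(start <= end, 'start > end');
    let mut ids: Array<u256> = array![];
    let mut token_id = start;
    while token_id < end {
        ids.append(token_id);
        token_id += 1;
    };
    ids
}
```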
Likelihood: Low
This function is currently not in use. Additionally, even if it were used, the arguments passed to it would likely be controlled by an admin.
Impact: High
If the function is called with the wrong arguments, it could result in extra bridged tokens being sent to an incorrect address. As a consequence, the users who own the corresponding native tokens will not be able to bridge their tokens, as the bridged tokens will have already been minted and sent to another address.
Manual Review
Please do not suppose impacts. Think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.