Dria

Swan
NFTHardhat
21,000 USDC
Submission Details
Severity: high
Invalid

The burn function in the DatasetAccessToken contract does not emit an event when a token is burned. This can lead to unintended behavior, such as the Victim contract not being notified of the burn event.

Summary: If the burn function does not emit an event, the consequences can be severe:

  1. Unintended behavior: Other contracts or off-chain applications may not be notified of the burn action, leading to unintended behavior or errors.

  2. Security issues: An attacker could potentially burn tokens without being detected, leading to financial losses or other security issues.

  3. Lack of transparency: The burn action may not be transparent, making it difficult for users to verify that a token has been burned.

Vulnerability Details: The burn function in the DatasetAccessToken contract is responsible for removing a token from circulation. However, when a token is burned, the contract does not emit an event to notify listeners of the burn action. This can lead to unintended behavior and potential security issues.

Why is emitting an event important?

Emitting an event when a token is burned is important for several reasons:

  1. Notification: Emitting an event notifies listeners that a token has been burned. This allows other contracts or off-chain applications to react to the burn event and update their state accordingly.

  2. Transparency: Emitting an event provides transparency into the burn action. This allows users to verify that a token has been burned and that the contract's state has been updated correctly.

  3. Security: Emitting an event can help prevent potential security issues. For example, if a token is burned without emitting an event, an attacker could potentially burn tokens without being detected.

Impact: An attacker can exploit this vulnerability by burning tokens without notifying listeners, potentially causing financial losses or other security issues.

Proof of Concept Code: The following proof-of-concept code demonstrates the vulnerability.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// The original snippet imported a non-existent OpenZeppelin "SafeERC721.sol";
// the import was unused, so it is omitted here so that the file compiles.

// Simplified token: balances are plain counters rather than ERC721 token ids.
contract DatasetAccessToken {
    address public owner;
    uint256 public supply;
    mapping(address => uint256) public balances;

    // Constructors take no visibility keyword in Solidity >= 0.7
    constructor(uint256 _supply) {
        owner = msg.sender;
        supply = _supply;
    }

    function mint(address _to, uint256 _amount) public {
        require(msg.sender == owner, "Only the owner can mint tokens");
        require(_amount > 0, "Amount must be greater than 0");
        require(supply >= _amount, "Not enough supply");
        balances[_to] += _amount;
        supply -= _amount;
    }

    // The finding: state changes, but no event is emitted, so off-chain
    // listeners and other contracts have no log entry to observe.
    function burn(uint256 _tokenId) public {
        // No event emitted here
        balances[msg.sender] -= 1; // checked arithmetic: reverts if the caller holds no balance
        supply -= 1;
    }

    function getBalance(address _owner) public view returns (uint256) {
        return balances[_owner];
    }
}

contract Attacker {
    DatasetAccessToken public token;

    constructor(address _token) {
        token = DatasetAccessToken(_token);
    }

    // Assumes the owner has minted at least one unit to this contract first
    function attack() public {
        // Burn a token without emitting an event
        token.burn(1);
    }
}

contract Victim {
    DatasetAccessToken public token;

    constructor(address _token) {
        token = DatasetAccessToken(_token);
    }

    function getBalance() public view returns (uint256) {
        return token.getBalance(address(this));
    }
}
```

In this example, the burn function in the DatasetAccessToken contract does not emit an event when a token is burned. This can lead to unintended behavior, such as the Victim contract not being notified of the burn event.

To demonstrate the vulnerability, deploy the contracts and call the attack function on the Attacker contract. Then call the getBalance function on the Victim contract to observe the effect of the burn.

Tools Used: VS Code

Recommendations: To fix the issue, the burn function should emit an event when a token is burned. For example:

```solidity
event Burn(address indexed _owner, uint256 _tokenId);

function burn(uint256 _tokenId) public {
    balances[msg.sender] -= 1;
    supply -= 1;
    emit Burn(msg.sender, _tokenId); // log the burn so listeners can observe it
}
```
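As an added example (not code from this submission or from the Swan/Dria contest repository), the recommended fix written against OpenZeppelin's ERC721 together with a Foundry test that checks the logs. It also shows that ERC721's own _burn already emits Transfer(owner, address(0), tokenId), the standard burn signal indexers watch for. The contract name DatasetAccessTokenFixed, the Burn event signature, and the forge-std and OpenZeppelin v5 dependencies are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed dependencies (not from the page): forge-std and OpenZeppelin Contracts v5.
import {Test} from "forge-std/Test.sol";
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";

// Hypothetical fixed token. ERC721._burn already emits Transfer(owner, address(0), id);
// the explicit Burn event gives listeners a dedicated topic to filter on.
contract DatasetAccessTokenFixed is ERC721 {
    event Burn(address indexed owner, uint256 indexed tokenId);

    constructor() ERC721("DatasetAccessToken", "DAT") {}

    function mint(address to, uint256 tokenId) external {
        _mint(to, tokenId);
    }

    function burn(uint256 tokenId) external {
        address tokenOwner = ownerOf(tokenId);   // reverts if the id does not exist
        require(msg.sender == tokenOwner, "not token owner");
        _burn(tokenId);                          // state change, emits Transfer to address(0)
        emit Burn(tokenOwner, tokenId);          // explicit burn log entry
    }
}

contract DatasetAccessTokenBurnTest is Test {
    // Local copies of the event signatures so vm.expectEmit can match them
    event Transfer(address indexed from, address indexed to, uint256 indexed tokenId);
    event Burn(address indexed owner, uint256 indexed tokenId);

    DatasetAccessTokenFixed token;
    address alice = makeAddr("alice");

    function setUp() public {
        token = new DatasetAccessTokenFixed();
        token.mint(alice, 1);
    }

    // Both logs must be emitted by the token contract, in this order
    function testBurnEmitsTransferAndBurn() public {
        vm.expectEmit(true, true, true, true, address(token));
        emit Transfer(alice, address(0), 1);
        vm.expectEmit(true, true, true, true, address(token));
        emit Burn(alice, 1);
        vm.prank(alice);
        token.burn(1);
        assertEq(token.balanceOf(alice), 0);
    }
}
```

Run with `forge test`; the test fails if either log is missing, has the wrong topics, or comes from another address.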
Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
