Trick or Treat

First Flight #27
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: medium
Invalid

Custom tokenId counter for the NFT tokenId

Summary

In the protocol, the tokenId counter is implemented with a custom solution.

This solution is based on:

uint256 public nextTokenId;
nextTokenId += 1;

Vulnerability Details

Please note that in the trickOrTreat function, the mintTreat function is used in several places. However, in other parts of the function, such as within the else statement, the code that belongs to the mintTreat function is written out instead of calling the function itself.

The inconsistency in using the mintTreat function in some places while writing out the code in others can introduce bugs and make the contract harder to maintain. It’s crucial to refactor the code to consistently use the mintTreat function for clarity and reliability.

Impact

This breaks the fundamental functionality of the protocol.

Tools Used

Manual review

Recommendations

Instead of using a custom solution for the tokenId counter, it is better to use OpenZeppelin's Counter.

import "@openzeppelin/contracts/utils/Counters.sol";
using Counters for Counters.Counter;
Counters.Counter private _tokenIds;
_tokenIds.increment();
uint256 newItemId = _tokenIds.current();

Updates

Appeal created

bube Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
