GivingThanks
First Flight #28
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

Incorrect Initialization of tokenCounter

bryanconquer

Summary

The tokenCounter is initialized to 0 in the constructor, which leads to the first minted token having a token ID of 0. Typically, token IDs should start from 1 for clarity and convention.

Vulnerability Details

tokenCounter starts at 0 instead of 1

uint256 public tokenCounter;
constructor(address _registry) ERC721("DonationReceipt", "DRC") {
registry = CharityRegistry(_registry);
owner = msg.sender;
tokenCounter = 0; // @audit should be initialized to 1
}

Impact

Impact: The first call to mint a token will use tokenCounter value of 0, which is usually avoided in many ERC721 implementations as it could cause confusion or conflicts in downstream applications.

Tools Used

Recommendations

Update the constructor to set tokenCounter to 1 instead of 0.

constructor(address _registry) ERC721("DonationReceipt", "DRC") {
registry = CharityRegistry(_registry);
owner = msg.sender;
tokenCounter = 1; // Initialize to 1
}
Updates

Lead Judging Commences

n0kto Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-bad-registry-set-at-construction

Likelyhood: High, the parameter is not well used and won't be set. Impact: Low, can be changed with the setter and no one will be able to donate to malicious charity.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.