Project

One World
NFT, DeFi
15,000 USDC
Submission Details
Severity: low
Invalid

L-1: Critical function lacks array length mismatch check

Description

In OWPIdentity.sol, the mintBatch and burnBatch functions do not check the lengths of the input ids and amounts arrays. To ensure the two arrays do not go out of bounds, their lengths should be checked for equality.

PS: Even if MINTER_ROLE operates with trusted, reasonable inputs, array length mismatch checks for ids and amounts should still be added within the functions. Recommendation: Reference the array length mismatch check in the burnBatchMultiple function for the fix.

Impact

After inputting large amounts of data, MINTER_ROLE could inadvertently cause the lengths of the ids and amounts arrays to be inconsistent due to momentary oversight, leading to incorrect operations being executed by mintBatch and burnBatch.

Recommendations

function mintBatch(address to, uint256[] memory ids, uint256[] memory amounts, bytes memory data)
public
onlyRole(MINTER_ROLE)
{
+ require(amounts.length == ids.length, "Invalid input");
_mintBatch(to, ids, amounts, data);
}
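Review bot: The added require in mintBatch sits directly in front of the call to _mintBatch(to, ids, amounts, data), so before accepting it, confirm whether that internal function already reverts when ids and amounts differ in length; if it does, the new line only adds gas and a second error path for the same condition. If the check stays, replace the generic "Invalid input" string with one that names the condition, for example "ids/amounts length mismatch", so a reverted batch can be diagnosed from the error alone.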
function burnBatch(address to, uint256[] memory ids, uint256[] memory amounts)
public override
onlyRole(MINTER_ROLE)
{
+ require(amounts.length == ids.length, "Invalid input");
_burnBatch(to, ids, amounts);
}
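Review bot: burnBatch is declared public override, so the require in this hunk changes an inherited entry point, yet the patch carries no test that calls it with ids and amounts of different lengths to show what happens with and without the new line. Add that test for both mintBatch and burnBatch, and match the condition and revert message of the existing check in burnBatchMultiple that the description points to instead of repeating "Invalid input" in two places.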
Updates

Lead Judging Commences

0xbrivan2 Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
