In the MembershipERC1155 contract, the mint function calculates totalSupply based on a weighted multiplier determined by the tokenId. However, if tokenId exceeds the expected range, the calculation for totalSupply can result in an underflow due to the negative exponent, producing an unexpectedly large multiplier. This discrepancy can lead to an inaccurate totalSupply, impacting any contract logic or governance relying on correct supply data. The vulnerability demonstrates a failure in ensuring tokenId constraints and exposes the contract to potentially critical consequences in supply calculation.
The intent appears to be applying a weight based on tokenId to control the influence of each mint operation on the global totalSupply. However, when tokenId is greater than 6, the expression 2 ** (6 - tokenId) attempts to calculate a negative exponent. Since Solidity lacks native support for negative exponents, this operation leads to an underflow, where the result wraps around and becomes a large value due to unsigned integer behavior. This behavior allows attackers to manipulate totalSupply by minting tokens with tokenId values greater than 6.
Since the calculated total supply can be exaggerated by large underflow values, any logic depending on the totalSupply will be unreliable.
Manual analysis
Ensure tokenId values remain within a valid range (e.g., 0 <= tokenId <= 6) to prevent underflow. This can be achieved by adding a validation check within the mint function:
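One way to write that check, as an added example that is not the submission's or the project's own code. The contract name, `MAX_TOKEN_ID`, `minter`, `InvalidTokenId`, the `balanceOf` mapping and the `mint` signature are assumptions; only `mint`, `tokenId`, `totalSupply` and the `2 ** (6 - tokenId)` weight come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration of the recommended bound check.
/// Not the audited MembershipERC1155 source; storage layout and
/// function signature are assumed for the sake of a complete example.
contract TierSupplyExample {
    // Highest valid tier id, taken from the 0 <= tokenId <= 6 range above.
    uint256 public constant MAX_TOKEN_ID = 6;

    address public immutable minter; // assumed access-control model
    uint256 public totalSupply;      // weighted global supply
    mapping(address => mapping(uint256 => uint256)) public balanceOf;

    error InvalidTokenId(uint256 tokenId);
    error NotMinter(address caller);

    constructor() {
        minter = msg.sender;
    }

    /// Weight applied to one unit of `tokenId`: 2 ** (6 - tokenId).
    /// Reverts with a descriptive error for ids outside 0..6, so callers
    /// never depend on how `6 - tokenId` behaves when tokenId > 6.
    function weightOf(uint256 tokenId) public pure returns (uint256) {
        if (tokenId > MAX_TOKEN_ID) revert InvalidTokenId(tokenId);
        // Exponent is now guaranteed to be in 0..6, so the weight is 1..64.
        return 2 ** (MAX_TOKEN_ID - tokenId);
    }

    function mint(address to, uint256 tokenId, uint256 amount) external {
        if (msg.sender != minter) revert NotMinter(msg.sender);

        // Validate the id before any state is written.
        uint256 weight = weightOf(tokenId);

        balanceOf[to][tokenId] += amount;
        totalSupply += amount * weight;
    }
}
```

Routing every use of the weight through one validated helper keeps the bound in a single place; any burn path that subtracts from totalSupply should use the same helper so both directions agree.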