Project
One World
NFTDeFi
15,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Missing Array Length Checks in `mintBatch` and `burnBatch` Functions

brene

Summary

The mintBatch and burnBatch functions lack explicit checks to ensure that the ids and amounts arrays are of equal length. This oversight could lead to unexpected behavior or errors during batch minting and burning operations.

Vulnerability Details

The mintBatch and burnBatch functions perform batch operations on token IDs and their corresponding amounts. However, they do not explicitly verify that the ids and amounts arrays are of the same length. This can lead to mismatched data, where the number of tokens specified does not align with the number of token IDs.

function mintBatch(address to, uint256[] memory ids, uint256[] memory amounts, bytes memory data)
public
onlyRole(MINTER_ROLE)
{
_mintBatch(to, ids, amounts, data);
}
function burnBatch(address to, uint256[] memory ids, uint256[] memory amounts)
public override
onlyRole(MINTER_ROLE)
{
_burnBatch(to, ids, amounts);
}

Impact

If the arrays are of different lengths, it could lead to out-of-bounds errors or unintended behavior, potentially causing the contract to revert or execute incorrectly.

Tools Used

Manual Review

Recommendations

Add explicit checks in both mintBatch and burnBatch functions to ensure that the ids and amounts arrays have the same length before proceeding with the batch operations

Updates

Lead Judging Commences

0xbrivan2 Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
0xbrivan2 Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!