In the `mint` and `burn_` functions, the total supply (`totalSupply`) is calculated based on the value of `tokenId`. However, there is no check to ensure that `tokenId` falls within a valid range, allowing unexpected `tokenId` values to be passed in. This can result in an inaccurate `totalSupply`, causing discrepancies in the actual token count and introducing potential security and accuracy risks within the contract.
The `mint` and `burn_` functions use the formula `totalSupply += amount * 2 ** (6 - tokenId);` to calculate the total supply based on `tokenId`. This formula applies different weighting factors for tokens with different `tokenId` values. However, the `mint` function lacks any checks to ensure that `tokenId` is within a valid range (e.g., between 0 and 6). If an invalid `tokenId` (such as one greater than 6) is passed in, the calculation `2 ** (6 - tokenId)` may produce unexpected results, such as very small numbers or even negative values, causing the total supply (`totalSupply`) to deviate from its intended value.
https://github.com/Cyfrin/2024-11-one-world/blob/main/contracts/dao/tokens/MembershipERC1155.sol#L61
https://github.com/Cyfrin/2024-11-one-world/blob/main/contracts/dao/tokens/MembershipERC1155.sol#L74
For example, an invalid `tokenId` (such as `tokenId = 100`) would result in an incorrect or nearly zero weighting factor, leading to an inaccurate `totalSupply`. If the total supply is skewed, it will impact token quantity management and may disrupt the system when an accurate total supply value is required.
The total supply will not accurately reflect the number of tokens in circulation, impacting transactions, valuation, and asset management.
manual
Add a `require` condition to prevent invalid `tokenId` values from being passed in. For example:
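One way to write such a check, as an added example that is not the project's code. The contract name `WeightedSupplyExample`, the constant `MAX_TOKEN_ID`, the helper `_weightOf`, the revert string and the simplified balance mapping are assumptions; only the weighting formula and the function names `mint` and `burn_` come from the text above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the project's MembershipERC1155 contract.
// Access control and the ERC1155 plumbing are omitted; only the weighted
// totalSupply bookkeeping described in the text is modelled.
contract WeightedSupplyExample {
    // Assumed upper bound, taken from the "between 0 and 6" range in the text.
    uint256 public constant MAX_TOKEN_ID = 6;

    uint256 public totalSupply;
    // holder => tokenId => balance (simplified stand-in for ERC1155 balances)
    mapping(address => mapping(uint256 => uint256)) public balanceOf;

    // Rejects out-of-range ids before any weighting arithmetic runs.
    // Assuming a 0.8.x compiler, `6 - tokenId` with tokenId > 6 would otherwise
    // revert with a generic arithmetic panic; this gives a descriptive error.
    modifier validTokenId(uint256 tokenId) {
        require(tokenId <= MAX_TOKEN_ID, "Invalid tokenId");
        _;
    }

    // Weight of one token of a tier: 2 ** (6 - tokenId),
    // i.e. 64 for id 0 down to 1 for id 6. Callers must validate tokenId first.
    function _weightOf(uint256 tokenId) internal pure returns (uint256) {
        return 2 ** (MAX_TOKEN_ID - tokenId);
    }

    function mint(address to, uint256 tokenId, uint256 amount)
        external
        validTokenId(tokenId)
    {
        totalSupply += amount * _weightOf(tokenId);
        balanceOf[to][tokenId] += amount;
    }

    function burn_(address from, uint256 tokenId, uint256 amount)
        external
        validTokenId(tokenId)
    {
        // Checked subtraction reverts if more is burned than is held.
        balanceOf[from][tokenId] -= amount;
        totalSupply -= amount * _weightOf(tokenId);
    }
}
```

Applying the same modifier to both functions keeps the weighted supply symmetric: every unit added by `mint` for a tier is removed with the same weight by `burn_`.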