Project

One World
NFT, DeFi
15,000 USDC
Submission Details
Severity: low
Invalid

Possibility of integer overflow and underflow in `MembershipERC1155::mint` and `MembershipERC1155::burn`

Summary

Possibility of integer overflow and underflow in MembershipERC1155::mint and MembershipERC1155::burn. Missing emitted events.

Vulnerability Details

Solidity does not handle floating-point arithmetic, and 2 ** -2 would imply 1 / (2 ** 2) or 0.25, which is not representable as an integer in Solidity. Therefore, if tokenId is 8 or any value greater than 6, the expression would revert due to an invalid exponent.
It is good practice for events to be emitted when performing a burn or mint of tokens, for better token tracking.

Impact

Function will revert.

Tools Used

Manual review

Recommendations

To prevent this, you should limit the range of tokenId using a require statement to ensure that tokenId stays within the intended range (e.g., 0 <= tokenId <= 6).

function mint(address to, uint256 tokenId, uint256 amount) external override onlyRole(OWP_FACTORY_ROLE) {
+ require(tokenId >= 0 && tokenId <= 6, "Invalid token ID");
totalSupply += amount * 2 ** (6 - tokenId); // Update total supply with weight
_mint(to, tokenId, amount, "");
+ emit Mint(to, tokenId, amount);
}
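Review bot: In the added `require` at the top of `mint`, the `tokenId >= 0` half is always true because `tokenId` is declared `uint256`, so the check should be written as `require(tokenId <= 6, "Invalid token ID");`. For the same reason `6 - tokenId` is an unsigned subtraction and never produces a negative exponent: for `tokenId > 6` it reverts under checked arithmetic (Solidity 0.8 and later) or wraps in an unchecked context, so on a checked compiler the guard only changes the revert reason. State the compiler version and justify the bound in those terms.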
function burn_(address from, uint256 tokenId, uint256 amount) internal {
+ require(tokenId >= 0 && tokenId <= 6, "Invalid token ID");
totalSupply -= amount * 2 ** (6 - tokenId); // Update total supply with weight
_burn(from, tokenId, amount);
+ emit Burn(from, tokenId, amount);
}
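Review bot: `emit Burn(from, tokenId, amount);` on the last added line of `burn_`, like `emit Mint(to, tokenId, amount);` in `mint`, refers to an event these lines never declare; unless the contract already defines `Mint` and `Burn`, the patch needs to add the event declarations or it will not compile. If `_mint` and `_burn` are the standard ERC-1155 implementations they already emit `TransferSingle` on every mint and burn, so the description should say what the extra events provide for tracking that `TransferSingle` does not.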
Updates

Lead Judging Commences

0xbrivan2 Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
