The MembershipERC1155.sol contract, being ERC1155-compatible, manages multiple token types: a single deployed contract may include any combination of fungible tokens, non-fungible tokens or other configurations. During minting and burning, in mint() and burn_() respectively, totalSupply is updated based on the weight of tokenId: amount * 2 ** (6 - tokenId). However, the current implementation does not enforce a range check against tokenId > 6. As a result, mint() and burn_() may revert if tokenId exceeds 6.
Unchecked Token ID Range in Minting and Burning Functions:
The mint() and burn_() functions compute the totalSupply with a weighted factor of amount * 2 ** (6 - tokenId). Without explicit checks, transactions that use tokenId values greater than 6 revert.
Both functions lack validation of tokenId to ensure it falls within the supported range, potentially causing unnecessary reverts.
The lack of a tokenId range check increases the risk of accidental transaction reverts for token IDs outside the compatible range.
The unchecked range for tokenId can lead to unexpected reverts and failed transactions, potentially affecting the mint() and burn_() functions of MembershipERC1155.sol when interacting with tokens not defined by the protocol's standard.
Foundry and Remix IDE: Used for deployment, testing, and simulating scenarios where tokenId values exceed the valid range.
Implement Token ID Range Checks in Mint and Burn Functions:
Update the mint() and burn_() functions to enforce a tokenId range of 1 to 6. This can be done using a require statement to validate tokenId within the allowed range:
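A sketch of the recommended check, added here as an illustration and not taken from the audited contract. The contract name, function signatures, the Solidity 0.8 pragma and the omitted ERC1155 balance and access-control logic are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added sketch, not the audited contract: names and signatures are
// assumptions; ERC1155 balances and access control are omitted.
contract WeightedSupplySketch {
    uint256 public constant MIN_TOKEN_ID = 1; // lower bound from the recommendation
    uint256 public constant MAX_TOKEN_ID = 6; // keeps (6 - tokenId) from underflowing

    uint256 public totalSupply;

    // Reject out-of-range ids with an explicit reason before any arithmetic.
    modifier validTokenId(uint256 tokenId) {
        require(
            tokenId >= MIN_TOKEN_ID && tokenId <= MAX_TOKEN_ID,
            "tokenId out of range"
        );
        _;
    }

    // Weight from the finding: 2 ** (6 - tokenId). Under Solidity 0.8
    // checked arithmetic, tokenId > 6 makes (6 - tokenId) underflow and
    // revert with Panic(0x11), which carries no descriptive message.
    function _weight(uint256 tokenId) internal pure returns (uint256) {
        return 2 ** (MAX_TOKEN_ID - tokenId);
    }

    function mint(address /* to */, uint256 tokenId, uint256 amount)
        external
        validTokenId(tokenId)
    {
        totalSupply += amount * _weight(tokenId);
        // The ERC1155 balance update for `to` would follow here.
    }

    function burn_(address /* from */, uint256 tokenId, uint256 amount)
        external
        validTokenId(tokenId)
    {
        totalSupply -= amount * _weight(tokenId);
        // The ERC1155 balance update for `from` would follow here.
    }
}
```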