Dividing another token from the same NFT locks the previous token in the contract
Summary
When user divides a token from an NFT that already has been divided (for another tokenId), the previously divided token is locked in the contract.
Vulnerability Details
The nftToErc20Info mapping contains information for divided NFT and its value is changed in function TokenDivider::divideNft:
However, the mapping value is overwritten every time when a token from the same NFT is divided. Let's consider the scenario below:
User A divides token with id 1 of the NFT. The
nftToErc20Info[nftAddress]value is set to data for ERC20 token for the token with id 1User B divides token with id 2 of the same NFT. The
nftToErc20Info[nftAddress]value is overwritten with data for ERC20 token for the token with id 2
After that, the data for ERC token for token 1 is lost and the NFT token is locked in the contract since no one can claim it. The reason that no one can claim it is that in function TokenDivider::claimNft the value from the mapping is used and it now contains data for token 2.
Impact
NFT token is locked in the contract.
Tools Used
Manual review
Recommendations
Store data for tokens for every token id in an NFT.
Lead Judging Commences
Wrong nft collection handling
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.