Pieces Protocol

First Flight #32
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Submission Details
Severity: high
Invalid

The same NFT can be divided several times

Summary

There is NO check to prevent multiple divisions of the same NFT, that should be unique.

Vulnerability Details:

There is no check to prevent multiple divisions of the same NFT.

Impact

The same NFT could be divided multiple times by transferring it back to a user.

Different amounts of ERC20 tokens could be minted for the same NFT in different divisions.

No standardization of how many ERC20 tokens represent one NFT.

Create inflation of fractionalized tokens

Create confusion about which tokens are legitimate

Make it impossible to properly track ownership percentages

Tools Used

Manual review

Recommendations

Add NFT Division State Tracking:

// Add a mapping to track divided NFTs
mapping(address nft => mapping(uint256 tokenId => bool)) private isNftDivided;
function divideNft(address nftAddress, uint256 tokenId, uint256 amount) onlyNftOwner(nftAddress, tokenId) external {
// Check if NFT is already divided
if(isNftDivided[nftAddress][tokenId]) {
revert TokenDivider__NftAlreadyDivided();
}
// Mark NFT as divided before proceeding
isNftDivided[nftAddress][tokenId] = true;
// Rest of the division logic...
}

Add Cleanup in the claimNft function:

function claimNft(address nftAddress) external {
// Existing checks...
ERC20Info storage tokenInfo = nftToErc20Info[nftAddress];
// Clear the divided state when NFT is claimed
isNftDivided[nftAddress][tokenInfo.tokenId] = false;
delete nftToErc20Info[nftAddress]; // Clear ERC20 info
delete erc20ToNft[tokenInfo.erc20Address]; // Clear reverse mapping
// Rest of claim logic...
}
Updates

Lead Judging Commences

fishy Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.