Pieces Protocol

First Flight #32
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Submission Details
Severity: high
Valid

Vulnerability in ERC20ToGenerateNftFraccion Contract: Lack of Access Control on Mint Function

Summary

The ERC20ToGenerateNftFraccion contract used in the divideNft function lacks access control on its mint function. This issue allows any user to mint tokens for a new instance of ERC20ToGenerateNftFraccion created through the divideNft function, potentially leading to unintended minting of tokens.

Vulnerability Details

function mint(address _to, uint256 _amount) public {
_mint(_to, _amount);
}

The attacker calls getErc20InfoFromNft(address nft) to obtain the ERC20Info erc20Address associated with a specific NFT.

The attacker creates a new contract that interacts with the ERC20ToGenerateNftFraccion contract, specifically using the erc20Address retrieved from the ERC20Info object.

Since the mint function on the ERC20ToGenerateNftFraccion contract is public and has no access control, the attacker can mint tokens by calling the mint function directly on the erc20Address.

The attacker can mint tokens equal to the amount specified to "unlock" the NFT or any other desired quantity.

Attacks of othe scenarios can also occur due to this issue

Tools Used

manual review

Impact

Unauthorized Token Minting

NFT Unlocking Exploit: By minting tokens equivalent to the specified amount, attackers may manipulate or unlock NFTs without valid authorization

Recommendations

the mint function should be restricted to TokenDivider.sol only

Updates

Lead Judging Commences

fishy Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Lack of token access control chekcs

Any person can mint the ERC20 token generated in representation of the NFT

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.