The ERC20ToGenerateNftFraccion
contract used in the divideNft
function lacks access control on its mint
function. This issue allows any user to mint tokens for a new instance of ERC20ToGenerateNftFraccion
created through the divideNft
function, potentially leading to unintended minting of tokens.
The attacker calls getErc20InfoFromNft(address nft)
to obtain the ERC20Info erc20Address
associated with a specific NFT.
The attacker creates a new contract that interacts with the ERC20ToGenerateNftFraccion
contract, specifically using the erc20Address
retrieved from the ERC20Info
object.
Since the mint
function on the ERC20ToGenerateNftFraccion
contract is public and has no access control, the attacker can mint tokens by calling the mint
function directly on the erc20Address
.
The attacker can mint tokens equal to the amount
specified to "unlock" the NFT or any other desired quantity.
Attacks of othe scenarios can also occur due to this issue
manual review
Unauthorized Token Minting
NFT Unlocking Exploit: By minting tokens equivalent to the specified amount, attackers may manipulate or unlock NFTs without valid authorization
the mint function should be restricted to TokenDivider.sol only
Any person can mint the ERC20 token generated in representation of the NFT
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.