No Check to Prevent Multiple Fractioning of the Same NFT
Description
divideNft does not check whether the NFT at (nftAddress, tokenId) has already been fractioned. A malicious user or a naive user could call divideNft multiple times on the same NFT, deploying multiple ERC20 fraction contracts while the NFT is already held in the contract.
Though this checks ownership before transferring in, once the NFT is in the TokenDivider contract, a user could attempt to fraction it again if they still pass the onlyNftOwner check or if some logic hole arises in the future.
(Currently, the onlyNftOwner check uses IERC721(nftAddress).ownerOf(tokenId) == msg.sender, so it will revert if the contract holds the NFT. However, it is prudent to block second fraction attempts in the code for clarity and to avoid partial logic errors.)
Impact
Confusion or Collisions: Attempted second fraction might break state or cause confusion, especially in the event that
tokenIdis incorrectly recognized as still owned by the user (for certain non-standard NFT implementations).
Recommendation
Add a check to ensure that
(nftAddress, tokenId)is not already recorded as fractioned (e.g., by storing a boolean in a mapping or verifying the contract’s ownership prior to fractioning).
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.