Pieces Protocol

First Flight #32
Beginner Friendly · Foundry · Solidity · NFT
Submission Details
Severity: high
Valid

Unrestricted Minting of ERC20 Tokens in ERC20ToGenerateNftFraccion Contract

Summary

The ERC20ToGenerateNftFraccion contract's mint function lacks access control, allowing any user to mint tokens arbitrarily. This vulnerability could lead to unauthorized token creation and manipulation of the NFT fraction system.

Vulnerability Details

The ERC20ToGenerateNftFraccion contract's mint function is public and lacks access controls. While the TokenDivider contract creates new instances of ERC20ToGenerateNftFraccion and mints tokens during the divideNft function, the mint function itself remains accessible to anyone.

Impact

  • Unauthorized token minting leading to token supply manipulation

  • Devaluation of legitimate NFT fractions

Tools Used

  • Manual code review

  • Performing formal verification with Quint

Recommendations

  1. Add access control to the mint function:

// Assumes the token keeps inheriting the OpenZeppelin ERC20 base it already uses
// (that is where _mint comes from); the original snippet omitted the inheritance
// and the base constructor call, so it would not compile as shown.
contract ERC20ToGenerateNftFraccion is ERC20 {
    // The only address allowed to mint: the TokenDivider that deployed this token.
    address public tokenDivider;

    constructor(string memory name, string memory symbol, address _tokenDivider)
        ERC20(name, symbol)
    {
        tokenDivider = _tokenDivider;
    }

    modifier onlyTokenDivider() {
        require(msg.sender == tokenDivider, "Only TokenDivider can mint");
        _;
    }

    function mint(address to, uint256 amount) public onlyTokenDivider {
        _mint(to, amount);
    }
}

  2. Pass the TokenDivider contract address during ERC20 token deployment:

ERC20ToGenerateNftFraccion erc20Contract = new ERC20ToGenerateNftFraccion(
    string(abi.encodePacked(ERC721(nftAddress).name(), "Fraccion")),
    string(abi.encodePacked("F", ERC721(nftAddress).symbol())),
    address(this)
);
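A Foundry regression test for the recommendation above, added here as an example and not part of the original submission or the Pieces Protocol code base. It inlines the hardened `ERC20ToGenerateNftFraccion` (with the `is ERC20` inheritance and base constructor call that the snippet above leaves implicit), assumes the standard `forge-std` and `@openzeppelin/contracts` remappings, and uses a constructed `tokenDivider` address in place of the real TokenDivider contract. The two tests pin down both halves of the fix: an arbitrary caller can no longer mint, and the configured TokenDivider still can.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";

// Hardened fraction token, mirroring the recommendation in this finding.
contract ERC20ToGenerateNftFraccion is ERC20 {
    address public tokenDivider;

    constructor(string memory name_, string memory symbol_, address _tokenDivider)
        ERC20(name_, symbol_)
    {
        tokenDivider = _tokenDivider;
    }

    modifier onlyTokenDivider() {
        require(msg.sender == tokenDivider, "Only TokenDivider can mint");
        _;
    }

    function mint(address to, uint256 amount) public onlyTokenDivider {
        _mint(to, amount);
    }
}

contract FractionMintAccessControlTest is Test {
    ERC20ToGenerateNftFraccion internal token;

    // Constructed addresses for the test; in the protocol the divider is the
    // TokenDivider contract itself (it passes address(this) at deployment).
    address internal divider = makeAddr("tokenDivider");
    address internal outsider = makeAddr("outsider");

    uint256 internal constant FRACTIONS = 1_000e18;

    function setUp() public {
        token = new ERC20ToGenerateNftFraccion("Demo Fraccion", "FDEMO", divider);
    }

    // Regression for the finding: a caller other than the TokenDivider must be
    // rejected and the supply must stay untouched.
    function test_OutsiderCannotMint() public {
        vm.expectRevert("Only TokenDivider can mint");
        vm.prank(outsider);
        token.mint(outsider, FRACTIONS);

        assertEq(token.totalSupply(), 0, "supply changed despite revert");
        assertEq(token.balanceOf(outsider), 0, "outsider received fractions");
    }

    // The legitimate flow (divideNft minting through the TokenDivider) keeps working.
    function test_TokenDividerCanMint() public {
        vm.prank(divider);
        token.mint(divider, FRACTIONS);

        assertEq(token.balanceOf(divider), FRACTIONS);
        assertEq(token.totalSupply(), FRACTIONS);
    }
}
```

Run it with `forge test --match-contract FractionMintAccessControlTest -vv`; the first test would fail against the unmodified contract, whose public `mint` accepts any sender, and passes once the `onlyTokenDivider` modifier is in place.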
Updates

Lead Judging Commences

fishy Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Lack of token access control checks

Any person can mint the ERC20 token generated in representation of the NFT
