Pieces Protocol

First Flight #32

Beginner FriendlyFoundrySolidityNFT

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

ERC20Tokens transfers balance mismatched causing unclaimable NFT

0xalexsr

Summary

When dividing an NFT, an ERC20 token is created. Transfers executed via this ERC20 token contract aren't tracked and will cause a balance mismatch in TokenDivider::claimNft contract causing the NFT to be unclaimable even if the user has all the erc20 minted for the NFT.

Vulnerability Details

TokenDivider::claimNft tracks users balance directly and works when transfers are made via transferErcTokens but transfers made via the ERC20 contract won't update the balance mapping within TokenDivider.

Impact

Users won't be able to claim NFT if some tokens were received via ERC20 transfers and not via TokenDivider::claimNFT

Users won't be able to use TokenDivider::sellErc20 with token transferred via ERC20 transfer functions

POC

function testTransfersViaERC20ArentTracked() public nftDivided {

ERC20ToGenerateNftFraccion fraccionERC20 = ERC20ToGenerateNftFraccion(

tokenDivider.getErc20InfoFromNft(address(erc721Mock)).erc20Address

);

assertEq(

tokenDivider.getErc20TotalMintedAmount(address(fraccionERC20)),

AMOUNT

);

vm.prank(USER);

fraccionERC20.transfer(USER2, AMOUNT);

// Tokens balance are correctly tracked by the ERC20 contract

assertEq(fraccionERC20.balanceOf(USER), 0);

// USER2 has all the tokens

assertEq(fraccionERC20.balanceOf(USER2), AMOUNT);

vm.prank(USER2);

// User can't claim the NFT despite having the total AMOUNT

vm.expectRevert(

TokenDivider.TokenDivider__NotEnoughErc20Balance.selector

);

tokenDivider.claimNft(address(erc721Mock));

}

Recommendations

Users balance could be checked directly using the underlying ERC20.balanceOf(msg.sender)

Updates

Lead Judging Commences

fishy Lead Judge 9 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Transfer ERC20ToGenerateNftFraccion separately to the contract

Rewards breakdown

nSLOC

181

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.