Pieces Protocol

First Flight #32
Tags: Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Severity: high
Valid

NFT Permanently Lockable by Burning a Single Fraction

Vulnerability Details

The claimNft function requires users to hold the full initial minted amount of ERC20 tokens (tracked by erc20ToMintedAmount) to redeem the NFT:

    function claimNft(address nftAddress) external {
        // ...
        if (balances[msg.sender][tokenInfo.erc20Address] < erc20ToMintedAmount[tokenInfo.erc20Address]) {
            revert TokenDivider__NotEnoughErc20Balance();
        }
        // ...
    }

A malicious user can exploit this logic as follows:

  1. Purchase a minimal amount of fractions (e.g., 1 token).
  2. Burn those tokens.
  3. The NFT is now permanently locked: the circulating supply is below erc20ToMintedAmount, which is never updated, so no holder can ever satisfy the check.

Impact

  • NFTs can become permanently unredeemable.

  • Users lose access to their underlying NFT assets.

  • Platform functionality is severely compromised.

Recommendations

Compare the user's balance against the current token supply instead of the initial minted amount:

    function claimNft(address nftAddress) external {
        // ...
        if (balances[msg.sender][tokenInfo.erc20Address] < ERC20ToGenerateNftFraccion(tokenInfo.erc20Address).totalSupply()) {
            revert TokenDivider__NotEnoughErc20Balance();
        }
        // ...
    }

This ensures that a user only needs to accumulate all existing tokens, preventing permanent NFT locking caused by token burning.
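The following is an added model of the accounting described in this finding, not the project's code: a minimal fraction token with mint and burn, a TokenDivider stand-in that snapshots erc20ToMintedAmount at division time, and the two claim checks side by side. Names such as divide_nft, can_claim_vulnerable and can_claim_fixed are assumptions chosen for the model.

```python
# Constructed model (not Pieces Protocol code) of the claimNft check before and
# after the recommended fix. Balances are tracked per address; totalSupply
# shrinks on burn, while the minted-amount snapshot never changes.

class FractionToken:
    """Minimal ERC20-like fraction token: balances plus a running totalSupply."""

    def __init__(self) -> None:
        self.balances: dict[str, int] = {}
        self.total_supply = 0

    def mint(self, to: str, amount: int) -> None:
        self.balances[to] = self.balances.get(to, 0) + amount
        self.total_supply += amount

    def transfer(self, src: str, dst: str, amount: int) -> None:
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

    def burn(self, who: str, amount: int) -> None:
        if self.balances.get(who, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[who] -= amount
        self.total_supply -= amount  # supply drops; the snapshot below does not


class TokenDividerModel:
    """Stand-in for TokenDivider (hypothetical names)."""

    def __init__(self) -> None:
        self.token = FractionToken()
        self.erc20_to_minted_amount = 0  # mirrors erc20ToMintedAmount

    def divide_nft(self, owner: str, amount: int) -> None:
        self.token.mint(owner, amount)
        self.erc20_to_minted_amount = amount  # written once, never updated

    def can_claim_vulnerable(self, user: str) -> bool:
        # Original check: balance must reach the initial minted amount.
        return self.token.balances.get(user, 0) >= self.erc20_to_minted_amount

    def can_claim_fixed(self, user: str) -> bool:
        # Recommended check: balance must reach the current total supply.
        return self.token.balances.get(user, 0) >= self.token.total_supply


def lock_scenario() -> tuple[bool, bool]:
    """Constructed scenario: 100 fractions minted, one sold and burned."""
    d = TokenDividerModel()
    d.divide_nft("alice", 100)
    d.token.transfer("alice", "mallory", 1)
    d.token.burn("mallory", 1)
    # alice now holds 99, which is every fraction still in existence.
    return d.can_claim_vulnerable("alice"), d.can_claim_fixed("alice")
```

The vulnerable check denies alice forever (99 < 100), while the fixed check accepts the holder of the entire remaining supply. Note that the recommended comparison passes trivially when totalSupply() is zero, so the fix relies on at least one fraction remaining in circulation.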

Updates

Lead Judging Commences

fishy Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Lack of token access control checks

Any person can mint the ERC20 token generated in representation of the NFT
