Pieces Protocol

First Flight #32
Tags: Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: medium
Status: Invalid

Without a Price Feed/Oracle, Users Can List NFTs at Outrageous Prices

Vulnerability Details

Because the protocol has no price feed or oracle to confirm the market value of the NFTs being divided and listed for sale, a user can create sell orders for the pieces of an NFT at a price far above the NFT's market value, and nothing on-chain ties the listed price to the value of the underlying token.

PoC:

  • Alice owns a very rare Pudgy Penguin NFT valued at 5 ETH.

  • Alice calls divideNft() on her NFT and divides it into 10 pieces.

  • Alice creates a sell order for the pieces, listing each piece at 5 ETH (an implied total of 50 ETH for an NFT worth 5 ETH).

  • Alice's order sells out.

  • Alice receives 50 ETH, ten times the NFT's market value.

  • While this is good for Alice, the listed price does not reflect the real value of the NFT as reported by off-chain price feeds.

Tools Used

Manual Review

Recommendations

  • Integrate a price feed so the protocol can obtain a real-world value for the NFTs being listed.

  • Add a check at listing time that the price per piece, multiplied by the number of pieces the NFT was divided into, does not exceed the oracle-reported value by more than an allowed ratio.
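The following is an added example of the recommended listing check; it is not the Pieces Protocol code, and the contract name, the IFloorPriceFeed interface (which mirrors the shape of a Chainlink-style AggregatorV3Interface), the MAX_PREMIUM_BPS ratio and the MAX_STALENESS window are all assumptions chosen for illustration. It caps the implied total value of a listing (price per piece times number of pieces) at a multiple of the oracle-reported value, and also rejects stale or non-positive oracle answers, which is the check a practitioner would want alongside any price feed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical price-feed interface (same shape as a Chainlink AggregatorV3Interface).
/// `answer` is the collection's floor price in the feed's own decimals.
interface IFloorPriceFeed {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);

    function decimals() external view returns (uint8);
}

/// Example guard (not the protocol's own code) that a listing function would call
/// before storing a sell order for the pieces of a divided NFT.
contract PiecesListingGuard {
    error InvalidPrice();
    error StalePrice(uint256 updatedAt);
    error PriceAboveCap(uint256 impliedTotal, uint256 cap);

    IFloorPriceFeed public immutable feed;

    /// Allowed premium over the oracle value, in basis points (assumed: 150% of oracle value).
    uint256 public constant MAX_PREMIUM_BPS = 15_000;
    /// Oldest oracle answer the guard will accept (assumed: one hour).
    uint256 public constant MAX_STALENESS = 1 hours;

    constructor(IFloorPriceFeed _feed) {
        feed = _feed;
    }

    /// Oracle value of one whole NFT, normalised to 18 decimals (wei).
    function nftValueWei() public view returns (uint256) {
        (, int256 answer,, uint256 updatedAt,) = feed.latestRoundData();
        if (answer <= 0) revert InvalidPrice();
        if (block.timestamp - updatedAt > MAX_STALENESS) revert StalePrice(updatedAt);

        uint256 d = feed.decimals();
        if (d <= 18) return uint256(answer) * 10 ** (18 - d);
        return uint256(answer) / 10 ** (d - 18);
    }

    /// Reverts if pricing every piece at `pricePerPiece` would value the whole NFT
    /// above the allowed premium over the oracle value. Returns the implied total.
    ///
    /// With the PoC numbers (oracle value 5 ETH, 10 pieces, 5 ETH per piece):
    ///   impliedTotal = 50 ETH, cap = 5 ETH * 15_000 / 10_000 = 7.5 ETH -> PriceAboveCap.
    /// A listing at 0.7 ETH per piece (implied 7 ETH) passes.
    function checkListing(uint256 pricePerPiece, uint256 totalPieces) public view returns (uint256 impliedTotal) {
        impliedTotal = pricePerPiece * totalPieces;
        uint256 cap = nftValueWei() * MAX_PREMIUM_BPS / 10_000;
        if (impliedTotal > cap) revert PriceAboveCap(impliedTotal, cap);
    }
}
```

The check is applied to the implied total rather than to the listed subset of pieces, so listing a single piece at 5 ETH is rejected just as a listing of all ten would be. One caveat to keep in mind when choosing the ratio: available NFT price feeds report a collection floor, not the value of an individual rare token, so a tight cap would also block legitimate premium listings; the generous multiplier above is a deliberate trade-off, not a protocol constant.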

Updates

Lead Judging Commences

juan_pedro_ventu Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Appeal created

yeahchibyke Submitter
4 months ago
juan_pedro_ventu Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
