The sellErc20 function in lines 211-233 does not validate whether the provided nftPegged address is actually linked to a valid ERC20 token in the nftToErc20Info mapping. If a user inputs an unlinked or invalid address, the function retrieves an empty ERC20Info struct, leading to potential unexpected behavior or failures later in the function execution. This could confuse users or create issues in the contract's logic.
The vulnerability arises from the lack of validation to confirm that the nftPegged address is associated with a valid ERC20 token in the nftToErc20Info mapping. Specifically:
Unchecked Mapping Lookup: When nftPegged is used to retrieve ERC20Info from the nftToErc20Info mapping:
ERC20Info memory tokenInfo = nftToErc20Info[nftPegged];
If nftPegged is not mapped to any ERC20 token, the returned tokenInfo.erc20Address will be address(0). This situation is not explicitly checked, allowing further operations to proceed incorrectly.
Users can unintentionally or maliciously input an invalid nftPegged address, causing unexpected reverts or logical errors. This disrupts the contract’s functionality and can lead to user confusion or the creation of invalid sell orders.
Manual review.
Add a validation check to ensure that the nftPegged address exists in the nftToErc20Info mapping and is associated with a valid ERC20 token before proceeding.
Example:
if (nftToErc20Info[nftPegged].erc20Address == address(0)) {
    revert TokenDivider__InvalidNftPegged();
}
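The zero-filled lookup and the guard side by side, as an added example that is not code from the audited contract. It is a simplified model: PeggedLookupDemo, link, sellUnchecked, sellChecked, SellOrder and the tokenId field are assumed names; only nftToErc20Info, ERC20Info, erc20Address, nftPegged and the error name come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

/// Simplified model for illustration, not the audited contract.
contract PeggedLookupDemo {
    struct ERC20Info {
        address erc20Address;
        uint256 tokenId; // assumed field
    }

    struct SellOrder { // assumed shape
        address seller;
        address erc20Address;
        uint256 amount;
    }

    error TokenDivider__InvalidNftPegged();

    mapping(address => ERC20Info) public nftToErc20Info;
    SellOrder[] public orders;

    // Hypothetical helper standing in for whatever links an NFT to its ERC20.
    function link(address nftPegged, address erc20, uint256 tokenId) external {
        nftToErc20Info[nftPegged] = ERC20Info(erc20, tokenId);
    }

    // Unchecked: reading an unmapped key never reverts. It yields a
    // zero-filled struct, so the order is stored with erc20Address == address(0).
    function sellUnchecked(address nftPegged, uint256 amount) external returns (address) {
        ERC20Info memory tokenInfo = nftToErc20Info[nftPegged];
        orders.push(SellOrder(msg.sender, tokenInfo.erc20Address, amount));
        return tokenInfo.erc20Address;
    }

    // Checked: reject the empty lookup result before any state is written.
    function sellChecked(address nftPegged, uint256 amount) external returns (address) {
        ERC20Info memory tokenInfo = nftToErc20Info[nftPegged];
        if (tokenInfo.erc20Address == address(0)) {
            revert TokenDivider__InvalidNftPegged();
        }
        orders.push(SellOrder(msg.sender, tokenInfo.erc20Address, amount));
        return tokenInfo.erc20Address;
    }
}
```

Calling sellUnchecked with an address that was never passed to link returns address(0) and appends an order, while sellChecked reverts with TokenDivider__InvalidNftPegged for the same input.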