Submission Details
Severity:
No limit on NFT dividends, and this can lead to gas attacks
Summary
Users can divide their NFTs into type(uint256).max number of pieces. This could lead to serious gas issues and a possible DOS attack if all pieces are to be listed on the protocol.
Vulnerability Details
PoC
function test_no_limit_on_sell_orders() public {
address alice = makeAddr("alice");
erc721Mock.mint(alice); // Mint mock nft to Alice
assert(erc721Mock.ownerOf(1) == alice);
// divide nft
vm.startPrank(alice);
erc721Mock.approve(address(tokenDivider), 1);
uint256 max = type(uint256).max;
console.log(max);
tokenDivider.divideNft(address(erc721Mock), 1, max);
// create sell order
ERC20Mock erc20Mock = ERC20Mock(tokenDivider.getErc20InfoFromNft(address(erc721Mock)).erc20Address);
erc20Mock.approve(address(tokenDivider), max);
tokenDivider.sellErc20(address(erc721Mock), 1e18, max);
vm.stopPrank();
}
Tools Used
Manual Review
Foundry
Recommendations
The protocol should set a max number of pieces that an NFT can be divided into.
Updates
Rewards breakdown
nSLOC
181This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.