Re-Entrancy Vulnerability in NFT Fractionalization Function Allowing Duplicate ERC20 Tokens
Summary
The function divideNft allows a user to lock an NFT by transferring it to the contract and receive a fraction of it in the form of ERC20 tokens. The NFT is locked by transferring ownership to the contract, and the function then mints a specified amount of ERC20 tokens, which represent a fraction of that NFT. However, the function contains a vulnerability related to re-entrancy, which can be exploited to mint multiple ERC20 tokens by re-entering the function before the state is updated.
Vulnerability Details
The function does not update the contract state before performing the external call to safeTransferFrom. This allows an attacker to re-enter the contract by triggering the fallback function, allowing them to mint multiple ERC20 tokens before the contract state is updated.
Impact
The attacker could exploit the re-entrancy vulnerability by executing a malicious contract or callback function that re-enters the divideNft function during the execution, allowing them to mint multiple ERC20 tokens for a single NFT. The re-entrancy could lead to the creation of multiple ERC20 tokens for a single NFT, meaning the NFT is misrepresented by more ERC20 tokens than intended.
Tools Used
Manual review
Recommendations
Use a re-entrancy guard modifier such as nonReentrant to prevent re-entrancy attacks.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.