The `erc20ToNft` mapping stores incomplete information about the NFT it is pegged to
Summary
The divideNft function creates an ERC20 token for a selected NFT (nftAddress) and stores its association in the erc20ToNft mapping. However, this mapping only stores the nftAddress, which could represent an entire collection rather than a unique NFT. This results in incomplete and potentially misleading data, as NFTs are uniquely identified by both nftAddress and tokenId.
Vulnerability Details
In the divideNft function, the following line assigns data to the erc20ToNft mapping:
https://github.com/Cyfrin/2025-01-pieces-protocol/blob/4ef5e96fced27334f2a62e388a8a377f97a7f8cb/src/TokenDivider.sol#L129
Here, only the nftAddress is stored, which may not uniquely identify the NFT. For example, in collections with multiple NFTs, this mapping would fail to specify the exact NFT associated with the created ERC20 token. Although this mapping is not currently used elsewhere in the contract, storing incomplete information is incorrect and could lead to confusion or potential issues in future implementations.
Impact
There is no direct functional impact, as the mapping is not used elsewhere in the contract. However, the inaccurate representation of data in the mapping could lead to confusion for developers or auditors, particularly if the mapping is used in future contract updates or extensions.
Tools Used
Manual code review
Recommendations
Update the mapping to store complete information about the NFT associated with the created ERC20 token. This can be achieved as follows:
Define a new struct to represent the NFT's full details:
Modify the
erc20ToNftmapping to use the struct:
Update the
divideNftfunction to store the complete information:
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.