The
divideNft
function generates and mints an ERC20 token as a fraction of an NFT and then transfers the NFT frommsg.sender
to the contract. However, the current implementation:
Updates (
balances
,erc20ToMintedAmount
,erc20ToNft
) **after **calling TranssafeferFrom.TranssafeferFrom uses the
=
assignment operator instead of+=
forbalances
anderc20ToMintedAmount
.
State Updates after TranssafeferFrom is called.
Incorrect Assignment (=
instead of +=
):
Using =
instead of +=
inbalances
, erc20ToMintedAmount
, and erc20ToNft
This causes balances and total minted amounts to reset if the function is called multiple times for the same token.
Inconsistent State: If the transfer fails, the contract state will not match expectations.
Loss of Data: Reassigning instead of incrementing (+=
) can overwrite existing values, causing loss of balances or previously minted amounts.
Exploitation: A malicious actor might exploit the overwritten values, particularly if they can reset or manipulate state variables intentionally.
Manual review
Updating state before calling TranssafeferFrom, and replace = with +=.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.