Pieces Protocol

First Flight #32
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: high
Invalid

Minting ERC20 Tokens Before Transferring the NFT

Summary

In the function divideNft of the contract TokenDivider.sol, the bug arises because ERC20 tokens are minted before the actual transfer of the NFT. This creates a situation where the contract might end up holding ERC20 tokens, but no actual NFT, if the transfer fails.

Vulnerability Details

  • The contract first creates a new ERC20 contract (erc20Contract) to represent fractionalized NFTs.

  • Immediately after, it mints a specified amount of ERC20 tokens to the contract’s address (address(this)).

However, at this point the NFT has not yet been transferred to the contract:

    ERC20ToGenerateNftFraccion erc20Contract = new ERC20ToGenerateNftFraccion(
        string(abi.encodePacked(ERC721(nftAddress).name(), "Fraccion")),
        string(abi.encodePacked("F", ERC721(nftAddress).symbol()))
    );
    erc20Contract.mint(address(this), amount);

Problem: The ERC20 tokens are minted before the transfer is even attempted. If for any reason the transfer fails (e.g., the safeTransferFrom call reverts due to invalid ownership or an incorrect tokenId), the contract will still hold the newly minted ERC20 tokens, but it will not have received the NFT it was supposed to fractionalize. This can lead to a state where the contract has tokenized NFTs without actually owning the underlying assets, which violates the expected behavior of fractionalizing an NFT.

Impact

Minting ERC20 tokens before the NFT transfer has succeeded can have serious consequences, including:

Loss of Tokens: If the NFT transfer fails and tokens are minted first, the minted ERC20 tokens will exist without a corresponding NFT backing them. Users may believe they own a fraction of an NFT when, in fact, no such NFT exists in the contract's possession.

Tools Used

Manual review

Recommendations

Suggested Fix

To address this issue, the minting of ERC20 tokens should occur only after the successful transfer of the NFT. This can be done by moving the token minting logic after the safeTransferFrom call.
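
The ordering recommended above, as an added sketch that is not the project's TokenDivider code: the NFT is pulled in and custody is checked before any fraction token is deployed or minted. FractionToken, DividerSketch and NftNotReceived are hypothetical names, and the OpenZeppelin v5 import paths are an assumption about the build setup.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {IERC721Metadata} from "@openzeppelin/contracts/token/ERC721/extensions/IERC721Metadata.sol";
import {IERC721Receiver} from "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";

// Hypothetical stand-in for the project's ERC20ToGenerateNftFraccion.
contract FractionToken is ERC20 {
    address private immutable divider;

    constructor(string memory name_, string memory symbol_) ERC20(name_, symbol_) {
        divider = msg.sender; // only the deploying divider may mint
    }

    function mint(address to, uint256 amount) external {
        require(msg.sender == divider, "only divider");
        _mint(to, amount);
    }
}

// Hypothetical divider that shows only the ordering of the steps.
contract DividerSketch is IERC721Receiver {
    error NftNotReceived();

    function divideNft(address nftAddress, uint256 tokenId, uint256 amount)
        external
        returns (FractionToken token)
    {
        IERC721Metadata nft = IERC721Metadata(nftAddress);

        // 1. Take custody of the NFT first (caller must have approved this contract).
        nft.safeTransferFrom(msg.sender, address(this), tokenId);

        // 2. Confirm custody explicitly instead of trusting the NFT contract's transfer.
        if (nft.ownerOf(tokenId) != address(this)) revert NftNotReceived();

        // 3. Only now deploy the fraction token and mint the supply.
        token = new FractionToken(
            string(abi.encodePacked(nft.name(), "Fraccion")),
            string(abi.encodePacked("F", nft.symbol()))
        );
        token.mint(address(this), amount);
    }

    // Required so safeTransferFrom accepts this contract as a recipient.
    function onERC721Received(address, address, uint256, bytes calldata) external pure returns (bytes4) {
        return IERC721Receiver.onERC721Received.selector;
    }
}
```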

Updates

Lead Judging Commences

fishy Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Other
