Submission Details
Severity: medium
Invalid

Overly Permissive setNftValue function (Trustee.sol)

Summary:

Hi,

I have found a potential bug in the contract 'Trustee.sol', in which the function setNftValue is massively permissive and can lead to the Trustee setting any absurd value for the NFT.

Vulnerability Details:

The key details of this potential vulnerability can be given as follows:

In this contract, the function setNftValue allows the trustee to set any value for any NFT index without restrictions.

Impact:

  1. Lack of restrictions on _value could break assumptions in inheriting contracts i.e. allowing 0 or very large numbers.

  2. Setting incorrect or malicious values could lead to loss of funds.

Tools Used:

Manual Code Analysis

Recommendations:

Make a custom range for the price of the NFT so that the trustee can't exploit the function and set a very large or very small amount, i.e. 1 wei. A sample code implementation is as follows (in this example, I am creating a range between 1 ether and 10 ether, which can differ in your case):

    function setNftValue(uint256 _index, uint256 _value) public onlyTrustee {
        // Lower bound: reject values of 1 ether or less
        require(_value > 1 ether, "Value must be greater than 1 ether");
        // Upper bound: reject values of 10 ether or more
        require(_value < 10 ether, "Value must be lesser than 10 ether");
        nftValue[_index] = _value;
        emit NftValueSet(_index, _value);
    }

Updates

Lead Judging Commences

0xtimefliez Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
