Submission Details
Severity: low
Invalid

Trustee NFT Value Manipulation Vulnerability

Summary

The setNftValue function in the Trustee contract does not validate its input, allowing the trustee to set an NFT’s value to zero. This can disrupt the intended buyout calculation logic.

Vulnerability Details

Without proper input validation, a trustee can maliciously set the value of an NFT to zero. In scenarios where the NFT value is used to calculate buyout amounts (as in the buyOutEstateNFT function), this manipulation can lead to incorrect or unfair fund distribution among beneficiaries, thereby impacting the overall estate valuation and distribution process.

Impact

Indirect Impact: The manipulation affects the accuracy of buyout calculations, potentially causing beneficiaries to receive incorrect payouts.

Tools Used

Manual review

Recommendations

Introduce a check in setNftValue to ensure that the NFT value is above a minimum threshold (e.g., non-zero) to prevent manipulation.

Consider additional constraints or logging when the NFT value is changed to enhance transparency.
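
A sketch of both recommendations, added here as an illustration and not taken from the audited contract. The contract name, storage layout, function signature, the `minNftValue` floor and the `MAX_DROP_BPS` cap are all assumptions; only the name setNftValue and the trustee role come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: name, storage, signature and bounds are assumptions,
// not the audited Trustee contract.
contract TrusteeValueGuard {
    address public immutable trustee;
    uint256 public immutable minNftValue;        // assumed floor, always non-zero
    uint256 public constant MAX_DROP_BPS = 5000; // assumed cap: at most -50% per update

    mapping(uint256 => uint256) public nftValue; // NFT id => appraised value

    // Old and new value plus the caller, so off-chain monitoring can flag sharp changes.
    event NftValueChanged(uint256 indexed nftId, uint256 oldValue, uint256 newValue, address indexed by);

    error NotTrustee();
    error ValueBelowMinimum(uint256 value, uint256 minimum);
    error DropTooLarge(uint256 oldValue, uint256 newValue);

    modifier onlyTrustee() {
        if (msg.sender != trustee) revert NotTrustee();
        _;
    }

    constructor(address _trustee, uint256 _minNftValue) {
        require(_trustee != address(0), "trustee is zero address");
        require(_minNftValue > 0, "minimum must be non-zero");
        trustee = _trustee;
        minNftValue = _minNftValue;
    }

    function setNftValue(uint256 nftId, uint256 newValue) external onlyTrustee {
        // First recommendation: reject zero and anything under the floor.
        if (newValue < minNftValue) revert ValueBelowMinimum(newValue, minNftValue);

        uint256 oldValue = nftValue[nftId];
        // Additional constraint: once a value exists, bound a single-step reduction.
        if (oldValue != 0 && newValue < oldValue - (oldValue * MAX_DROP_BPS) / 10_000) {
            revert DropTooLarge(oldValue, newValue);
        }

        nftValue[nftId] = newValue;
        // Second recommendation: log every change for transparency.
        emit NftValueChanged(nftId, oldValue, newValue, msg.sender);
    }
}
```

The floor and the per-update cap both restrict what the trustee may do, so whether they fit depends on how much discretion the design intends the trustee to have.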

Updates

Lead Judging Commences

0xtimefliez Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
