The buyOutEstateNFT function miscalculates the amount a buyer needs to pay for an estate NFT. The incorrect multiplier results in unintended fund distribution, which may lead to an overpayment or underpayment issue.
In the buyOutEstateNFT function, the finalAmount is computed as:
uint256 multiplier = beneficiaries.length - 1;
uint256 finalAmount = (value / divisor) * multiplier;
If there is only one beneficiary, beneficiaries.length - 1 results in 0, meaning finalAmount becomes 0, causing an unintended free NFT transfer.
If there are multiple beneficiaries, the formula may not correctly reflect the expected value distribution, potentially leading to financial inconsistencies.
Potential financial loss for either the seller or the beneficiaries due to an incorrect price calculation.
The contract may unintentionally allow free NFT transfers if there is only one beneficiary.
Manual Code Review
Correct the multiplier calculation to ensure fair value distribution:
uint256 finalAmount = value; // Buyers should pay the full value
Verify that the correct amount is transferred before proceeding with the NFT burn.
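As an added example (not the audited contract's code), the contract below places the quoted calculation beside the recommended pricing and a payment check to run before the burn. `divisor` is passed in as a parameter because the finding does not show how it is set, and every name other than `value`, `divisor`, `multiplier` and `finalAmount` is hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only; not the audited contract. All names except
/// value, divisor, multiplier and finalAmount are hypothetical.
contract BuyOutPricingExample {
    error NoBeneficiaries();
    error ZeroPrice();
    error WrongPayment(uint256 expected, uint256 received);

    /// The calculation as quoted in the finding.
    /// `divisor` is a parameter because the report does not show its source.
    function quoteAsReported(uint256 value, uint256 divisor, uint256 beneficiaryCount)
        public pure returns (uint256 finalAmount)
    {
        // beneficiaryCount == 1 gives multiplier 0, so finalAmount is 0.
        // beneficiaryCount == 0 reverts under 0.8 checked arithmetic.
        uint256 multiplier = beneficiaryCount - 1;
        // Dividing before multiplying truncates: (10 / 3) * 2 == 6.
        // divisor == 0 reverts with a division-by-zero panic.
        finalAmount = (value / divisor) * multiplier;
    }

    /// The report's recommended pricing: the buyer pays the full value.
    function quoteRecommended(uint256 value) public pure returns (uint256) {
        return value;
    }

    /// Checks to run before the NFT burn, per the report's recommendation.
    /// `paid` stands for the amount the buyer actually transferred.
    function checkPayment(uint256 value, uint256 beneficiaryCount, uint256 paid)
        public pure returns (uint256 price)
    {
        if (beneficiaryCount == 0) revert NoBeneficiaries();
        price = quoteRecommended(value);
        // Reject a zero price so a buy-out can never complete for free.
        if (price == 0) revert ZeroPrice();
        if (paid != price) revert WrongPayment(price, paid);
    }
}
```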