Eggstravaganza

First Flight #37
Beginner Friendly, Solidity
Submission Details
Severity: low
Invalid

Minting with Duplicate Token IDs

Summary

This vulnerability suggests that the EggstravaganzaNFT contract could mint NFTs with duplicate token IDs, potentially overwriting existing tokens.

Vulnerability Details

In the provided code, the EggHuntGame contract uses an incrementing counter (eggCounter) to generate token IDs, and each searchForEgg call is a separate transaction processed sequentially on Ethereum.

Additionally, assuming EggstravaganzaNFT inherits from OpenZeppelin's ERC721, the _mint function includes a check (require(!_exists(tokenId))) that prevents minting duplicate IDs. Thus, the likelihood of this occurring is very low unless the implementation deviates from this standard or contains a bug.
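The uniqueness guard described above, as an added example that is not part of the submission or the contest code base: a stripped-down model of an ERC721 ownership map that accepts a caller-supplied token ID. MiniEggNFT, DuplicateMintCheck, findEgg and the revert string are hypothetical and chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal model of the ownership check; not the real EggstravaganzaNFT.
contract MiniEggNFT {
    mapping(uint256 => address) private _owners;
    address public immutable gameContract;

    constructor(address game) { gameContract = game; }

    function ownerOf(uint256 tokenId) external view returns (address) {
        return _owners[tokenId];
    }

    // Caller-supplied ID, guarded the way the text describes for _mint.
    function mintEgg(address to, uint256 tokenId) external {
        require(msg.sender == gameContract, "Unauthorized minter");
        require(_owners[tokenId] == address(0), "token already minted");
        _owners[tokenId] = to;
    }
}

// Plays the role of the game contract (assumed: it is the only minter).
contract DuplicateMintCheck {
    MiniEggNFT public immutable nft;
    uint256 public eggCounter;

    constructor() { nft = new MiniEggNFT(address(this)); }

    // Models searchForEgg: each call completes before the next one starts,
    // so the pre-incremented counter never hands out the same ID twice.
    function findEgg(address to) public returns (uint256 id) {
        id = ++eggCounter;
        nft.mintEgg(to, id);
    }

    // True when re-minting an existing ID reverts and the first owner
    // is unchanged. `first` must be a non-zero address.
    function duplicateIsRejected(address first, address second) external returns (bool) {
        uint256 id = findEgg(first);
        try nft.mintEgg(second, id) {
            return false; // duplicate mint went through: guard is missing
        } catch {
            return nft.ownerOf(id) == first;
        }
    }
}
```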

Impact

Overwriting an existing NFT could lead to asset loss or disputes, undermining trust in the system.

Tools Used

  • Manual code review

  • Solidity best practices and ERC721 standard guidelines

  • Grok by xAI

Recommendations

Replace manual tokenId assignment with an internal counter and use _safeMint instead of _mint for ERC721 compliance. This ensures each token ID is unique and safely minted.

    // Token IDs come from an internal counter instead of a caller-supplied value.
    uint256 private _tokenIdCounter;

    function mintEgg(address to) external returns (uint256) {
        // Only the game contract may mint.
        require(msg.sender == gameContract, "Unauthorized minter");
        _tokenIdCounter++;
        _safeMint(to, _tokenIdCounter);
        totalSupply += 1;
        return _tokenIdCounter;
    }

Updates

Lead Judging Commences

m3dython Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
