Beatland Festival

First Flight #44
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Submission Details
Impact: high
Likelihood: medium
Invalid

Token ID Overflow in `encodeTokenId()`

Line: 153

Description: No boundary checks for collectionId/itemId allow token ID collisions.
Impact: NFT loss, token forgery, system integrity compromise.
Recommendation:

function encodeTokenId(uint256 collectionId, uint256 itemId) public pure returns (uint256) {
require(collectionId < 2**(256-COLLECTION_ID_SHIFT), "CID overflow");
require(itemId < 2**COLLECTION_ID_SHIFT, "IID overflow");
return (collectionId << COLLECTION_ID_SHIFT) + iid;
}

PoC:

function test_TokenIdOverflow() public {
// Normal token: collection=1, item=1
uint256 normalToken = festivalPass.encodeTokenId(1, 1);
// Malicious token: collection=0, item=(1 << 128) + 1
uint256 exploitToken = festivalPass.encodeTokenId(0, (1 << 128) + 1);
// Collision occurs
assertEq(normalToken, exploitToken);
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 24 days ago
Submission Judgement Published
Invalidated
Reason: Lack of quality

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.