Submission Details
Impact:
Likelihood:
Token ID Starts at Zero inside the `BidBeasts_NFT_ERC721::mint` function
Description
-
NFT token IDs typically start from 1 to avoid confusion with default/uninitialized values in mappings and arrays.
-
The contract starts token IDs from 0, which can cause issues when token ID 0 is used as a default value to represent "no token" in other parts of the system or integrating contracts.
function mint(address to) public onlyOwner returns (uint256) {
@> uint256 _tokenId = CurrenTokenID;
_safeMint(to, _tokenId);
emit BidBeastsMinted(to, _tokenId);
@> CurrenTokenID++;
return _tokenId;
}
Risk
Likelihood:
-
Every first minted NFT will have token ID 0
-
Integration issues occur when other systems assume 0 means "no token"
Impact:
-
Potential confusion in marketplace integrations where 0 typically means "no token"
-
Harder debugging when dealing with default values
Proof of Concept
function test_MEDIUM_TokenIdStartsAtZero() public {
vm.prank(OWNER);
uint256 firstTokenId = nft.mint(ALICE);
// First token ID is 0, which can be problematic
assertEq(firstTokenId, 0, "First token ID should be 0");
assertEq(nft.ownerOf(0), ALICE, "Token ID 0 should be owned by Alice");
}
Recommended Mitigation
- uint256 public CurrenTokenID;
+ uint256 public CurrenTokenID = 1;
Rewards breakdown
nSLOC
170This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.