code423n4 | Code4rena | CODE423N4:2023-03-CANTO-IDENTITY-FINDINGS-ISSUES-96
Mar 19, 2023 - 12:00 a.m.

A user can mint a PFP NFT multiple times using the same _nftId


Lines of code

Vulnerability details

Impact

A user might, unintentionally or “intentionally”, try to take advantage of the mint() function in ProfilePicture.sol.

Proof of Concept

The pfp mapping stores the pfp data per NFT (L31-32 of ProfilePicture.sol):

    /// @notice Stores the pfp data per NFT
    mapping(uint256 => ProfilePictureData) private pfp;

Note the keyword “per NFT”.

The only check included in the ProfilePicture.mint() function is whether the caller is the NFT owner (L81-82 of ProfilePicture.sol):

    if (ERC721(_nftContract).ownerOf(_nftID) != msg.sender)
        revert PFPNotOwnedByCaller(msg.sender, _nftContract, _nftID);

No check is included to see whether a PFP NFT has already been minted for _nftId. This means that nothing stops the owner of _nftId from minting more than one PFP NFT per _nftId, leading to a break in the contract’s logic.

Tool used

Manual Review

Recommendation

An additional check should be included to verify whether a PFP NFT has already been minted for _nftId.
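One way to implement the recommended check, as an added sketch that is not the project's code: it models only the mint bookkeeping, not the ERC721 token logic. The `mintedFor` mapping, the `PFPAlreadyMinted` error, the `numMinted` counter and the fields of `ProfilePictureData` are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added example. Minimal interface so the sketch compiles without dependencies.
interface IERC721OwnerOf {
    function ownerOf(uint256 id) external view returns (address);
}

contract ProfilePictureGuardSketch {
    // Assumed layout: the finding does not show the struct's fields.
    struct ProfilePictureData {
        address nftContract;
        uint256 nftID;
    }

    /// @notice Stores the pfp data per NFT
    mapping(uint256 => ProfilePictureData) private pfp;

    /// @dev Hypothetical: PFP token id already minted for (nftContract, nftID); 0 means none.
    mapping(address => mapping(uint256 => uint256)) private mintedFor;

    /// @dev Assumed counter for PFP token ids.
    uint256 public numMinted;

    error PFPNotOwnedByCaller(address caller, address nftContract, uint256 nftID);
    /// @dev Hypothetical error name.
    error PFPAlreadyMinted(address nftContract, uint256 nftID, uint256 existingTokenID);

    function mint(address _nftContract, uint256 _nftID) external returns (uint256 tokenId) {
        // Ownership check quoted in the finding.
        if (IERC721OwnerOf(_nftContract).ownerOf(_nftID) != msg.sender)
            revert PFPNotOwnedByCaller(msg.sender, _nftContract, _nftID);

        // Added guard: refuse a second PFP for the same underlying NFT.
        uint256 existing = mintedFor[_nftContract][_nftID];
        if (existing != 0) revert PFPAlreadyMinted(_nftContract, _nftID, existing);

        // Ids start at 1 so that 0 can stand for "not minted yet".
        tokenId = ++numMinted;
        pfp[tokenId] = ProfilePictureData(_nftContract, _nftID);
        mintedFor[_nftContract][_nftID] = tokenId;
    }
}
```

The guard is keyed by the (contract, id) pair rather than by the id alone, because the same numeric id can exist in different NFT contracts.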

