Labels: Duplicate (a valid issue that is a duplicate of an issue with `Has Duplicates` label), High (a valid High severity issue), Reward (a payout will be made for this issue)
Burning any CouncilMember other than the last can prevent minting
Summary
CouncilMember is an ERC-721 which contains a mint function that mints at an index according to the supply. Since the burn function allows any token to be burned, the next id to mint can be inconsistent with the supply and can cause mint to revert since the id already exists.
```ts
describe("mintBurnMint", () => {
    it("mint 2, burn the first, then mint", async () => {
        // mint two NFTs
        await expect(councilMember.mint(member.address)).emit(councilMember, 'Transfer');
        await expect(councilMember.mint(member.address)).emit(councilMember, 'Transfer');
        // burn NFT at index 0
        await councilMember.burn(0, member.address);
        // try and mint another NFT - reverts
        await councilMember.mint(member.address);
    });
});
```
The mint function mints the next NFT according to the current supply, assuming all consecutive NFTs exist but the burn function allows burning by any index.
Impact
This can brick the mint function temporarily. This state can be corrected, but will require burning and reminting such that all ids are consecutive.
1 comment(s) were left on this issue during the judging contest.
takarez commented:
valid because { dupp of 109}
sherlock-admin2 changed the title from "Jolly Citron Terrier - Burning any CouncilMember other than the last can prevent minting" to "m4ttm - Burning any CouncilMember other than the last can prevent minting" on Jan 29, 2024
m4ttm
high
Burning any CouncilMember other than the last can prevent minting
Summary
CouncilMember is an ERC-721 which contains a mint function that mints at an index according to the supply. Since the burn function allows any token to be burned, the next id to mint can be inconsistent with the supply and can cause mint to revert since the id already exists.
Vulnerability Detail
Add the following test to [https://github.com/sherlock-audit/2024-01-telcoin/blob/0954297f4fefac82d45a79c73f3a4b8eb25f10e9/telcoin-audit/test/sablier/CouncilMember.test.ts#L127](https://github.com/sherlock-audit/2024-01-telcoin/blob/0954297f4fefac82d45a79c73f3a4b8eb25f10e9/telcoin-audit/test/sablier/CouncilMember.test.ts)
The mint function mints the next NFT according to the current supply, assuming all consecutive NFTs exist but the burn function allows burning by any index.
Impact
This can brick the mint function temporarily. This state can be corrected, but will require burning and reminting such that all ids are consecutive.
Code Snippet
https://github.com/sherlock-audit/2024-01-telcoin/blob/0954297f4fefac82d45a79c73f3a4b8eb25f10e9/telcoin-audit/contracts/sablier/core/CouncilMember.sol#L173-L182
https://github.com/sherlock-audit/2024-01-telcoin/blob/0954297f4fefac82d45a79c73f3a4b8eb25f10e9/telcoin-audit/contracts/sablier/core/CouncilMember.sol#L210-L222
Tool used
Manual Review
Recommendation
Change the burn function to only allow burning the last ID.
Duplicate of #199
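The id collision described in this issue, and the effect of the recommended last-ID-only burn, can be replayed off-chain with a small model. This is an added example, not code from the report or from the CouncilMember contract; the class `SupplyIndexedToken`, its `lastOnlyBurn` flag and the helper `mintBurnMint` are hypothetical names, and a thrown `Error` stands in for a revert.

```typescript
// Simplified model of the id bookkeeping described in the report.
// Not the CouncilMember contract: owners is a plain map, "revert" is a thrown Error.
class SupplyIndexedToken {
  private owners: { [id: number]: string } = {};
  private supply = 0;
  private lastOnlyBurn: boolean;

  // lastOnlyBurn = true applies the report's recommendation (assumed flag name).
  constructor(lastOnlyBurn: boolean) {
    this.lastOnlyBurn = lastOnlyBurn;
  }

  // The next id is taken from the current supply.
  mint(to: string): number {
    const id = this.supply;
    if (this.owners[id] !== undefined) {
      throw new Error("token already minted: " + id);
    }
    this.owners[id] = to;
    this.supply += 1;
    return id;
  }

  // Without the restriction any existing id can be burned, leaving a gap
  // below the highest id while the supply shrinks by one.
  burn(id: number): void {
    if (this.owners[id] === undefined) {
      throw new Error("nonexistent token: " + id);
    }
    if (this.lastOnlyBurn && id !== this.supply - 1) {
      throw new Error("only the last id can be burned: " + id);
    }
    delete this.owners[id];
    this.supply -= 1;
  }
}

// Replays mint, mint, burn(burnId), mint and reports how the sequence ends.
function mintBurnMint(token: SupplyIndexedToken, burnId: number): string {
  try {
    token.mint("member");
    token.mint("member");
    token.burn(burnId);
    return "minted id " + token.mint("member");
  } catch (e) {
    return "reverted: " + (e as Error).message;
  }
}
```

With unrestricted burn, burning id 0 leaves id 1 in place while the supply drops to 1, so the next mint targets id 1 and fails; with the restriction the burn of id 0 is rejected up front and the ids stay consecutive.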