IvanFitro - CouncilMember.sol :: Burning a NFT impossibilities minting new NFTs (DOS). #6
Labels
Duplicate
A valid issue that is a duplicate of an issue with `Has Duplicates` label
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
IvanFitro
high
CouncilMember.sol :: Burning a NFT impossibilities minting new NFTs (DOS).
Summary
mint()
is used to create new NFTs for users. However, a problem arises when an NFT is burned, making it impossible to mint new NFTs due to the calculation of the nftID being dependent on thetotalSupply()
.Vulnerability Detail
When the
mint()
is called to create a new NFT for a user, the calculation of the nftID relies on thetotalSupply()
.Initially, this process works as expected. However, a problem arises when an NFT is burned using the burn() , as it decrements the totalSupply.
The issue becomes apparent when the burned NFT is not the latest one minted. In such a scenario, the subsequent call to
mint()
reverts. This failure occurs because it attempts to use an nftID that already exists (owned by other user).As a consequence, the transaction reverts with the ERC721 custom error
ERC721InvalidSender("0x0000000000000000000000000000000000000000")
.This is because for the successful minting of a new NFT, the previous owner must be the zero address. This situation provocates a Denial of Service (DOS).
POC
To run the POC, copy the provided code into the
CouncilMember.test.ts
file.Impact
New NFTs can't be minted (DOS).
Code Snippet
https://github.com/sherlock-audit/2024-01-telcoin/blob/0954297f4fefac82d45a79c73f3a4b8eb25f10e9/telcoin-audit/contracts/sablier/core/CouncilMember.sol#L173-L182
https://github.com/sherlock-audit/2024-01-telcoin/blob/0954297f4fefac82d45a79c73f3a4b8eb25f10e9/telcoin-audit/contracts/sablier/core/CouncilMember.sol#L210-L222
Tool used
Manual Review.
Recommendation
To address this issue, introduce a state variable that increments with each minted NFT.
uint256 nftID;
Duplicate of #199
The text was updated successfully, but these errors were encountered: