sofianeOuafir
commented
2 years ago In my opinion, the severity level should be 3 (High Risk) instead of 2 (Med Risk)
duplicate of #4
Closed code423n4 closed 2 years ago
sofianeOuafir
commented
2 years ago In my opinion, the severity level should be 3 (High Risk) instead of 2 (Med Risk)
duplicate of #4
Lines of code
https://github.com/code-423n4/2022-03-joyn/blob/main/core-contracts/contracts/CoreCollection.sol#L78-L97
Vulnerability details
Impact
The
initialize()function is called byCoreFactory.solwhen creating projects or adding collections to an existing project. When ownership of theCoreCollection.solcontract is transferred to the project owner, it gives the owner access to a subset of functions, including theinitialize()function.This function does not implement proper access control to prevent reinitialization. As such, an owner could rug its own collection by reinitializing with a mint fee of zero and a different
maxSupply, allowing them to potentially a duplicate NFT as thetokenIdis calculated by the following equation:tokenId = ((startingIndex + totalSupply()) % maxSupply) + 1Recommended Mitigation Steps
Prevent collection owners from reinitializing the
CoreCollection.solcontract by making use of OpenZeppelin'sInitializable.solcontract.