Closed code423n4 closed 1 year ago
This is a function with no use other than to increment a mapping value. The mapping itself has no use in the contract. I assume it will be used in UI. And in that case it's up to the UI which NFT addresses to show. Obviously, malicious or malformed NFT addresses would not be whitelisted or shown on the UI. If such addresses increment their mapping value then they can do that, there is no harm in it.
NC
Lines of code
https://github.com/code-423n4/2022-09-artgobblers/blob/fb54f92ffcb0c13e72c84cde24c138866d9988e8/src/ArtGobblers.sol#L723-L749
Vulnerability details
gobble()
function can eat more than just ERC1155 or ERC721Summary
gobble
function for not reverting needs a correct gobblerId which msg.sender is the owner of it, andnft
address not to beArtGobblers
contract address.nft
is not being checked to be actually an ERC721 or ERC1155, there is just a boolean to decide which path to take, and it is an user input.Sending for example a
gobblerId
which you own, whichever value innft
,isERC1155
=false
and whicheverid
, this can populategetCopiesOfArtGobbledByGobbler
without reverting if the address ofnft
actually includes method called at the end ofgobble()
, but without actually eating an NFTPOC
Github Permalinks
https://github.com/code-423n4/2022-09-artgobblers/blob/fb54f92ffcb0c13e72c84cde24c138866d9988e8/src/ArtGobblers.sol#L723-L749
Mitigation steps
Add a check for nft address to be ERC1155 or ERC721 and if not revert