GalloDaSballo
commented
1 year ago Issue 2 founderPct may be larger than 100 Due to inconsistently casting founderPct to uint(8), founderPct may be truncated and pass all verification checks however when the baseTokenIDs is assigned, the function through loops through the full value which can cause the founder to receive full ownership of all NFTs even if OwnershipPct is set to 0.
Consider adding a check to make sure that founderPct < type(uint8).max
Dup of #303
Judge has assessed an item in Issue #593 as Medium risk. The relevant finding follows: