Closed c4-submissions closed 7 months ago
141345 marked the issue as sufficient quality report
a2rocket (sponsor) disputed
This is the intended design; burnToMint's new token inherits the burnt token's tokenData.
The Warden specifies that it is undesirable to inherit the tokenData of the burnt token for a newly minted token via burnToMint; however, the Sponsor dictates that this is expected behavior.
Given that this data is meant for off-chain purposes and the Sponsor cites this as desirable behaviour, I consider this exhibit invalid. To note, this is also detailed in the project's documentation provided during the contest.
alex-ppg marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-10-nextgen/blob/main/smart-contracts/NextGenCore.sol#L218
Vulnerability details
Impact
When the burnToMint() function is called, a token from one collection is burned and a new token from a new collection is minted. The oldest tokenData is transferred to the newly minted token, which is incorrect.
_mintProcessing(mintIndex, ownerOf(_tokenId), tokenData[_tokenId], _mintCollectionID, _saltfun_o);
The term tokenData refers to additional data that will be stored on-chain for each minted token. The data for every token is expected to be different and once set, tokenData cannot be changed in the future.
This design may introduce potential issues if a user wishes to store different data on-chain and no longer use the old tokenData.
Recommended Mitigation Steps
Add the possibility for the user to change tokenData when using burnToMint().
Assessed type
Context