141345 marked the issue as duplicate of #478
alex-ppg marked the issue as not a duplicate
alex-ppg marked the issue as primary issue
alex-ppg marked the issue as duplicate of #478
alex-ppg marked the issue as partial-50
Lines of code
https://github.com/code-423n4/2023-10-nextgen/blob/main/smart-contracts/NextGenCore.sol#L147-L168
Vulnerability details
Impact
The function setCollectionData can be called more than once until collectionTotalSupply is changed. This can give rise to many issues, such as:
1) reservedMaxTokensIndex can be changed even after setting the details of the collection. This can be done by first calling the setCollectionData function with _collectionTotalSupply as 0 and then, after some time, calling this function again, but this time setting the correct values. These occurrences can disrupt the protocol.
2) Values like collectionArtistAddress can also be changed even after the artist has signed the collection.
Proof of Concept
Here is a scenario :
1) A collection is created by the functional admin and, for the same collectionID, the collection data is filled in, but with _collectionTotalSupply as 0 and with _collectionArtistAddress as the address of the artist of the collection.
2) The artist, not questioning anything, signs the collectionID by calling artistSignature.
3) Once this is done, the collection admin can call the function again, this time setting a valid totalSupply and a different _collectionArtistAddress.
Tools Used
Manual Review
Recommended Mitigation Steps
Consider adding a check in function setCollectionData that the parameter _collectionTotalSupply is not equal to 0.
Assessed type
Governance
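The re-initialisation path from the proof of concept and the recommended zero-supply check, as an added example that is neither NextGenCore.sol nor the submitter's code. It is a simplified Solidity model: CollectionDataModel, setCollectionDataUnchecked, RANGE and the index derivation are constructed for illustration, and access control and the other collection fields are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Simplified model written for this example; it is not NextGenCore.sol.
// Access control, freezing and the remaining collection fields are omitted.
contract CollectionDataModel {
    // Constructed value for the example: size of the token-id range per collection.
    uint256 constant RANGE = 1000000;

    struct Data {
        address artist;
        uint256 totalSupply;
        uint256 reservedMaxTokensIndex;
    }

    mapping(uint256 => Data) public data;
    mapping(uint256 => bool) public artistSigned;

    // Pattern from the report: "not yet initialised" is inferred from a stored
    // totalSupply of 0, so passing 0 keeps the initialisation branch reachable
    // and a later call can overwrite artist and reservedMaxTokensIndex.
    function setCollectionDataUnchecked(uint256 id, address artist, uint256 totalSupply) external {
        if (data[id].totalSupply == 0) {
            _write(id, artist, totalSupply);
        }
    }

    // Recommended mitigation: reject a zero supply, so the first accepted call
    // stores a non-zero totalSupply and the branch cannot run a second time.
    function setCollectionData(uint256 id, address artist, uint256 totalSupply) external {
        require(totalSupply != 0, "totalSupply is zero");
        if (data[id].totalSupply == 0) {
            _write(id, artist, totalSupply);
        }
    }

    // The artist signs whatever data is stored at that moment.
    function artistSignature(uint256 id) external {
        require(msg.sender == data[id].artist, "not the artist");
        artistSigned[id] = true;
    }

    function _write(uint256 id, address artist, uint256 totalSupply) private {
        data[id].artist = artist;
        data[id].totalSupply = totalSupply;
        // Constructed derivation: upper bound of this collection's token-id range.
        data[id].reservedMaxTokensIndex = id * RANGE + totalSupply;
    }
}
```

With the unchecked variant, a call with totalSupply 0, then artistSignature, then a second call with a different artist succeeds and leaves artistSigned true for an address the artist never saw; with the checked variant the first call reverts on the zero supply and the second write is a no-op.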