When forging, the listed NFTs are looked up by their IDs.
This means that the following scenario is possible.
Two different integrators mint & list their NFTs for forging.
NFT A is very rare, so its owner sets the forge fee to 1.5 Ether.
NFT B is not too rare, so its fee is 0.1 Ether.
They both list their NFTs for forging.
The forger, seeing this, attempts to forge NFT A so as to own it.
A chain reorg happens and the order of transactions is swapped.
The forger ends up forging the wrong, less rare NFT and loses 1.4 ETH in the process.
Impact
A chain re-org can make a forger forge the wrong NFT and even lose funds, since they pay too much for forging and end up with the wrong NFT.
Recommended Mitigation Steps
When forging the listed tokens, consider having the forger indicate the fee of the NFT they would like to forge, so that in our case here, even if the re-org happens, the tx would revert since the fees wouldn't match.
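The scenario and the recommended fee check can be replayed off-chain. The following is an added example, not code from the TraitForge repository: `ForgingModel`, `replay` and the `expected_fee` parameter are hypothetical names, and the model assumes token IDs are assigned in transaction order and that any payment at or above the fee is accepted and kept, as the 1.4 ETH loss in the scenario implies.

```python
from decimal import Decimal

class ForgeReverted(Exception):
    """Models a reverted transaction."""

class ForgingModel:
    """Simplified, hypothetical forging contract: token IDs are assigned
    in the order the mint-and-list transactions are executed."""

    def __init__(self):
        self.listings = {}      # token_id -> (name, fee in ETH)
        self.next_id = 1

    def mint_and_list(self, name, fee):
        token_id = self.next_id
        self.next_id += 1
        self.listings[token_id] = (name, Decimal(fee))
        return token_id

    def forge(self, token_id, paid, expected_fee=None):
        name, fee = self.listings[token_id]
        # Mitigation from the report: the caller commits to the fee they saw,
        # so a listing that changed under the same ID makes the call revert.
        if expected_fee is not None and fee != Decimal(expected_fee):
            raise ForgeReverted("listing fee does not match expected fee")
        if Decimal(paid) < fee:
            raise ForgeReverted("insufficient fee")
        # Returns the NFT actually forged with and the overpayment kept.
        return name, Decimal(paid) - fee

# Constructed sample transactions matching the scenario above.
LIST_A = ("NFT A", "1.5")   # rare
LIST_B = ("NFT B", "0.1")   # less rare

def replay(tx_order, expected_fee=None):
    """Run the two listing txs in the given order, then the forger's tx,
    which was signed for token ID 1 with 1.5 ETH attached."""
    chain = ForgingModel()
    for name, fee in tx_order:
        chain.mint_and_list(name, fee)
    return chain.forge(1, "1.5", expected_fee)

if __name__ == "__main__":
    print(replay([LIST_A, LIST_B]))     # order the forger observed
    print(replay([LIST_B, LIST_A]))     # order after the re-org
    try:
        replay([LIST_B, LIST_A], expected_fee="1.5")
    except ForgeReverted as exc:
        print("reverted:", exc)
```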
Lines of code
https://github.com/code-423n4/2024-07-traitforge/blob/279b2887e3d38bc219a05d332cbcb0655b2dc644/contracts/EntityForging/EntityForging.sol#L102
Vulnerability details
Proof of Concept
The protocol is to be deployed on the Base network.
The protocol allows forging via Forging.sol#L102
Assessed type
Timing