mint() function using totalSupply() as the id for newly minted NFT will always be reverted if some NFTs were burnt
Summary
In mint(), the function use totalSupply() as the id for the future minted token, but not beware of the case if some of the NFTs were burnt affecting totalSupply().
Vulnerability Detail
If some NFTs were burnt, the totalSupply() will decrease and make the Id duplicate with the other NFTs that were minted before.
POC:
protocol minted 3 NFTs, totalSupply() is now 3
protocol burned the NFTs of id 1
totalSupply() is now 2
protocol minted a new NFTs, Id now would be 2 as the totalSupply() is 2
mint() function will be always reverted as NFT with Id 2 already exists
Impact
Protocol can't mint new NFT forever as it would duplicate the existed NFT
sonny2k
high
mint() function using totalSupply() as the id for newly minted NFT will always be reverted if some NFTs were burnt
Summary
In mint(), the function use totalSupply() as the id for the future minted token, but not beware of the case if some of the NFTs were burnt affecting totalSupply().
Vulnerability Detail
If some NFTs were burnt, the totalSupply() will decrease and make the Id duplicate with the other NFTs that were minted before.
POC:
Impact
Protocol can't mint new NFT forever as it would duplicate the existed NFT
Code Snippet
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/sablier/core/CouncilMember.sol#L173
Tool used
Manual Review
Recommendation
Use Auto Increment Ids like the one OpenZeppelin suggests for there ERC721 implementation https://wizard.openzeppelin.com/#erc721
Duplicate of #199