Assessment reportsPublic findings
Back to Zellic site
Assessment reports>MightyNet>Low findings>Missing registry check in ,restrict
GeneralOverview
Findings
Low (2)Missing registry check in `restrict`Restriction pattern creates centralization risk
Informational (2)
DiscussionContracts are upgradeableTransfer restriction logic omitted in ERC721RestrictableDocumentation
Threat ModelsWhat are threat models?MightyNetERC721RestrictedRegistry.sol
Audit ResultsSummary
Category: Coding Mistakes

Missing registry check in restrict

Low Severity
Low Impact
Low Likelihood

Description

Each ERC721Restrictable token has an associated registry contract for managing restrictions. The restrict function in MightyNetERC721RestrictedRegistry does not check whether the contract itself is set as the target token's registry.

function restrict(
	address tokenContract,
	uint256[] calldata tokenIds
) external override onlyRole(RESTRICTOR_ROLE) nonReentrant whenNotPaused {
	uint256 tokenCount = tokenIds.length;
	if (tokenCount == 0) {
		revert InvalidTokenCount(tokenCount);
	}
	for (uint256 i = 0; i < tokenCount; ++i) {
		uint256 tokenId = tokenIds[i];
		if (!ERC721Restrictable(tokenContract).exists(tokenId)) {
			revert InvalidToken(tokenContract, tokenId);
		}
		bytes32 tokenHash = keccak256(
			abi.encodePacked(tokenContract, tokenId)
		);
		if (_isRestricted(tokenHash)) {
			revert TokenAlreadyRestricted(tokenContract, tokenId);
		}
		_tokenRestrictions[tokenHash] = msg.sender;
	}
	emit Restricted(tokenContract, tokenIds);
}

Impact

This behavior would exacerbate upgrade or configuration issues in other contracts that interact with ERC721Restrictable tokens. If a contract tries to restrict a token using the incorrect registry contract, the action will fail silently. This might allow users to earn rewards on unlocked tokens.

Recommendations

The restrict function should include an assertion that restrictedRegistry in the token contract indeed matches address(this). Alternatively, Mighty Bear Games could add a separate safeRestrict function that includes this check.

Remediation

Mighty Bear Games acknowledges this finding.They added an assertion as recommended to the beginning of the scope of the restrict function in the V2 contract. If the assertion fails, it reverts with a newly introduced error ContractNotUsingThisRestrictedRegistry(address tokenContract).

Mighty Bear Games has provided the response below:

by adding the registry check to MightyNetERC721RestrictedRegistryV2. MightyNetERC721RestrictedRegistry was already deployed on ethereum. MightyNetERC721RestrictedRegistryV2 will be deployed on our L2 chain.

Zellic © 2024Back to top ↑