Security Snippets: #4

And here is another interesting finding from the same protocol - AI Arena. It shows us the importance of checking uint ranges!

Here users are able to mint NFT (as fighters) and each id is a uint256 integer. But...

FighterFarm::reRoll uses uint8 for nft id as input, which will stop people calling this function who owns id greater than 255. It will lead to not being able to use the reRoll to get random traits, which could have been better for there game performance.

   function reRoll(uint8 tokenId, uint8 fighterType) public {
        require(msg.sender == ownerOf(tokenId));
        require(numRerolls[tokenId] < maxRerollsAllowed[fighterType]);
        require(_neuronInstance.balanceOf(msg.sender) >= rerollCost, "Not enough NRN for reroll");
        ...
        }
    } 

It takes uint8 as input for tokenId parameter. Which will restrict users to call this function when they own nft id greater than 255.

Value will go out of bounds when user will input 256 or more.

Be careful when using different uint integers!