Omniscia Nexera Audit
MinimalisticERC1155WithERC20FractionsDataManager Manual Review Findings
MEW-01M: Inexistent Reservation of Names & Symbols
Type | Severity | Location |
---|---|---|
Input Sanitization | ![]() | MinimalisticERC1155WithERC20FractionsDataManager.sol:L527-L537 |
Description:
The deployment system of EIP-20 sub-implementations of EIP-1155 fractions does not reserve the names and symbols it utilizes for them, permitting two distinct EIP-20 implementations to have the same name and symbol.
Impact:
A minter can configure a new EIP-20 fraction with a name and symbol corresponding to the ID of another, which should be prohibited.
Example:
```solidity
function _prepareNameAndSymbol(bytes memory data, uint256 id) private view returns (string memory, string memory) {
    string memory name_;
    string memory symbol_;
    if (data.length != 0) {
        // Caller-supplied payload sets the name and symbol directly; no uniqueness check
        (name_, symbol_) = abi.decode(data, (string, string));
    } else {
        // Default: derived from the contract's own name/symbol and the fraction ID
        name_ = string.concat(name(), " ", Strings.toString(id));
        symbol_ = string.concat(symbol(), "-", Strings.toString(id));
    }
    return (name_, symbol_);
}
```
Recommendation:
We advise the system to properly reserve name and symbol combinations via a `mapping` declaration, preventing the same name and symbol combination from being used more than once.
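One way the recommended reservation could look, as an added example that is neither the project's code nor the fix it shipped. The contract name `NameSymbolRegistry`, the error `NameSymbolAlreadyReserved` and the mapping `_reserved` are hypothetical, the OpenZeppelin `Strings` import path is assumed, and the function is no longer `view` because it writes the reservation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Strings} from "@openzeppelin/contracts/utils/Strings.sol";

// Added illustration; all names other than _prepareNameAndSymbol are hypothetical.
abstract contract NameSymbolRegistry {
    error NameSymbolAlreadyReserved(string name, string symbol);

    // keccak256(abi.encode(name, symbol)) => already used by a deployed fraction
    mapping(bytes32 => bool) private _reserved;

    // Name and symbol of the parent EIP-1155 contract, as used in the audited code.
    function name() public view virtual returns (string memory);
    function symbol() public view virtual returns (string memory);

    function _prepareNameAndSymbol(bytes memory data, uint256 id)
        internal
        returns (string memory name_, string memory symbol_)
    {
        if (data.length != 0) {
            (name_, symbol_) = abi.decode(data, (string, string));
        } else {
            name_ = string.concat(name(), " ", Strings.toString(id));
            symbol_ = string.concat(symbol(), "-", Strings.toString(id));
        }

        // abi.encode, not abi.encodePacked: packing two dynamic strings would
        // hash ("AB", "C") and ("A", "BC") to the same key.
        bytes32 key = keccak256(abi.encode(name_, symbol_));
        if (_reserved[key]) revert NameSymbolAlreadyReserved(name_, symbol_);
        _reserved[key] = true;
    }
}
```

Reservation here is first-come, so a custom pair equal to the default pair of an ID that has not been deployed yet makes that later default deployment revert; removing custom names, as the alleviation did, avoids that case.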
Alleviation:
The code was updated to no longer permit custom `name` and `symbol` values to be defined via the associated `data` payload, indirectly alleviating this exhibit, as duplicate names are now solely possible via tokens possessing the same name and symbol.