mintToken(), mintWithBudget(), and forge() in the TraitForgeNft Contract Will Fail Due to a Wrong Modifier Used in EntropyGenerator.initializeAlphaIndices() #213

@howlbot-integration

Lines of code

https://github.com/code-423n4/2024-07-traitforge/blob/279b2887e3d38bc219a05d332cbcb0655b2dc644/contracts/EntropyGenerator/EntropyGenerator.sol#L206

Vulnerability details

The EntropyGenerator contract has an issue where the initializeAlphaIndices() function uses the wrong modifier. This function is supposed to be called by the TraitForgeNft contract, but it currently uses the onlyOwner modifier instead of onlyAllowedCaller.

Impact

The initializeAlphaIndices() function will not be callable by the TraitForgeNft contract as intended. This could lead to failures in the expected functionality of the system, particularly in scenarios where the indices need to be initialized or updated by the TraitForgeNft contract while performing minting or forging. That means this vulnerability will cause DoS on mintToken(), mintWithBudget() and forge().

Proof of Concept

The function initializeAlphaIndices() is intended to be called by the TraitForgeNft contract. However, it is currently protected by the onlyOwner modifier. This means only the owner of the EntropyGenerator contract can call it, not the TraitForgeNft contract. The correct modifier should be onlyAllowedCaller, which restricts the function to be called by the address set as the allowedCaller.

The vulnerability lies in the following line of the EntropyGenerator contract:

@>  function initializeAlphaIndices() public whenNotPaused onlyOwner {

https://github.com/code-423n4/2024-07-traitforge/blob/279b2887e3d38bc219a05d332cbcb0655b2dc644/contracts/EntropyGenerator/EntropyGenerator.sol#L206

The above initializeAlphaIndices() is called by TraitForgeNft._incrementGeneration():

  function _incrementGeneration() private {
    require(
      generationMintCounts[currentGeneration] >= maxTokensPerGen,
      'Generation limit not yet reached'
    );
    currentGeneration++;
    generationMintCounts[currentGeneration] = 0;
    priceIncrement = priceIncrement + priceIncrementByGen;
@>  entropyGenerator.initializeAlphaIndices();
    emit GenerationIncremented(currentGeneration);
  }

https://github.com/code-423n4/2024-07-traitforge/blob/279b2887e3d38bc219a05d332cbcb0655b2dc644/contracts/TraitForgeNft/TraitForgeNft.sol#L353

Some of the important functions defined in the TraitForgeNft contract, such as mintToken(), mintWithBudget() and forge(), internally use _incrementGeneration(); because of this vulnerability, execution of these functions will fail.

Tools Used

Manual Review

Recommended Mitigation Steps

Replace the onlyOwner modifier with the onlyAllowedCaller modifier in the initializeAlphaIndices() function to ensure it can be called by the TraitForgeNft contract.

- function initializeAlphaIndices() public whenNotPaused onlyOwner {
+ function initializeAlphaIndices() public whenNotPaused onlyAllowedCaller {
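
Review bot: on the `+` line, onlyAllowedCaller makes this call depend on allowedCaller already being set to the TraitForgeNft address, and it also removes the owner's ability to call initializeAlphaIndices() directly. Suggest adding a test or deployment check that allowedCaller points at the TraitForgeNft contract before the first generation increment, and noting in the function's comment that only that contract is expected to call it.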

Assessed type

Access Control
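
An added illustration, not part of the original report or the TraitForge code base: a stripped-down Solidity sketch of the two guards, showing why a call that arrives from the NFT contract reverts under onlyOwner and succeeds under onlyAllowedCaller. The contract names, setAllowedCaller(), initCount and the revert strings are assumptions made for the sketch.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified stand-in for EntropyGenerator: only the access control is modeled.
contract EntropyGeneratorSketch {
    address public owner = msg.sender; // deployer becomes owner
    address public allowedCaller;      // intended to hold the NFT contract address
    uint256 public initCount;          // stand-in for the alpha-index state

    modifier onlyOwner() {
        require(msg.sender == owner, "caller is not the owner");
        _;
    }
    modifier onlyAllowedCaller() {
        require(msg.sender == allowedCaller, "caller is not allowed");
        _;
    }

    function setAllowedCaller(address caller) external onlyOwner {
        allowedCaller = caller;
    }

    // Reported form: guarded by onlyOwner.
    function initializeAlphaIndicesReported() public onlyOwner { initCount++; }

    // Mitigated form: guarded by onlyAllowedCaller.
    function initializeAlphaIndicesMitigated() public onlyAllowedCaller { initCount++; }
}

// Stand-in for TraitForgeNft: the generator sees this contract as msg.sender.
contract NftSketch {
    EntropyGeneratorSketch public immutable gen;
    constructor(EntropyGeneratorSketch g) { gen = g; }

    function incrementGenerationReported() external { gen.initializeAlphaIndicesReported(); }
    function incrementGenerationMitigated() external { gen.initializeAlphaIndicesMitigated(); }
}

// Deploys both contracts and records which path goes through.
contract ModifierDemo {
    function run() external returns (bool reportedOk, bool mitigatedOk) {
        EntropyGeneratorSketch gen = new EntropyGeneratorSketch(); // owner is this contract
        NftSketch nft = new NftSketch(gen);
        gen.setAllowedCaller(address(nft));
        // msg.sender at the generator is nft, not the owner, so onlyOwner rejects it.
        try nft.incrementGenerationReported() { reportedOk = true; } catch {}
        // nft matches allowedCaller, so the mitigated guard lets the call through.
        try nft.incrementGenerationMitigated() { mitigatedOk = true; } catch {}
    }
}
```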

Labels

    3 (High Risk): Assets can be stolen/lost/compromised directly
    🤖_98_group: AI based duplicate group recommendation
    H-06
    bug: Something isn't working
    primary issue: Highest quality submission among a set of duplicates
    satisfactory: satisfies C4 submission criteria; eligible for awards
    selected for report: This submission will be included/highlighted in the audit report
    sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
    sufficient quality report: This report is of sufficient quality
    upgraded by judge: Original issue severity upgraded from QA/Gas by judge
