F-2023-0007·missing-validation

Doesn't check if _ids and _quantities length is the same in batchBurn

TL;DR

batchBurn does not verify that _ids and _quantities have matching lengths, so a mismatched call iterates with an undefined number of valid pairings.

Severity: LOW
Impact: LOW
Likelihood: MEDIUM
Method: Manual review
Complexity: LOW
Exploitability: MEDIUM

Description

In the public function batchBurn() a check is missing to make sure that the two uint256[] parameters, _ids and _quantities, have the same length.

```solidity
function batchBurn(
    address _from,
    uint256[] memory _ids,
    uint256[] memory _quantities
) public override {
    for (uint256 i = 0; i < _ids.length; i++) {
        require(
            _ownsTokenAmount(_from, _ids[i], _quantities[i]),
            "AssetContract#batchBurn: ONLY_TOKEN_AMOUNT_OWNED_ALLOWED"
        );
    }
    super.batchBurn(_from, _ids, _quantities);
}
```

Impact

The loop assumes that for every index of _ids there is a corresponding entry in _quantities. Without that verification, a mismatched call passes unexpected values on to _ownsTokenAmount().


Recommendation

Consider adding the verification before entering the loop with:

```solidity
require(
    _ids.length == _quantities.length,
    "INVALID_ARRAYS_LENGTH"
);
```
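As an added illustration (not code from the audited contract or from this report), the following Foundry test puts the unchecked loop and the recommended check side by side. It assumes forge-std is available and stands in a constructed balance map for the real ERC-1155 base and its _ownsTokenAmount() logic.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import "forge-std/Test.sol";

// Constructed stand-in for the audited contract: a plain balance map instead of
// the real ERC-1155 base, with the unchecked loop from the finding and the
// recommended checked variant side by side.
contract BurnDemo {
    mapping(address => mapping(uint256 => uint256)) public balance;
    constructor() {
        balance[msg.sender][1] = 10; // deployer owns 10 of id 1
        balance[msg.sender][2] = 10; // and 10 of id 2
    }

    function _ownsTokenAmount(address _from, uint256 _id, uint256 _qty) internal view returns (bool) {
        return balance[_from][_id] >= _qty;
    }

    // As in the finding: the loop is bounded by _ids.length only.
    function batchBurnUnchecked(address _from, uint256[] memory _ids, uint256[] memory _quantities) public {
        for (uint256 i = 0; i < _ids.length; i++) {
            require(_ownsTokenAmount(_from, _ids[i], _quantities[i]), "ONLY_TOKEN_AMOUNT_OWNED_ALLOWED");
            balance[_from][_ids[i]] -= _quantities[i];
        }
    }

    // With the recommended length check in front of the loop.
    function batchBurnChecked(address _from, uint256[] memory _ids, uint256[] memory _quantities) public {
        require(_ids.length == _quantities.length, "INVALID_ARRAYS_LENGTH");
        batchBurnUnchecked(_from, _ids, _quantities);
    }
}

contract BurnDemoTest is Test {
    BurnDemo demo;
    function setUp() public { demo = new BurnDemo(); }

    // Two ids, one quantity: the unchecked loop reads past _quantities and reverts
    // with Panic(0x32); the checked version fails early with the explicit message.
    function testMismatchedLengths() public {
        uint256[] memory ids = new uint256[](2); ids[0] = 1; ids[1] = 2;
        uint256[] memory qty = new uint256[](1); qty[0] = 3;
        vm.expectRevert(stdError.indexOOBError);
        demo.batchBurnUnchecked(address(this), ids, qty);
        vm.expectRevert(bytes("INVALID_ARRAYS_LENGTH"));
        demo.batchBurnChecked(address(this), ids, qty);
    }
}
```

The opposite mismatch (more quantities than ids) passes the unchecked loop with the surplus entries silently ignored, which is the quieter case the same length check also closes.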
© 2026 Zealynx