saian - First founder will get less tokens due to wrong calculation of first base token id

[sherlock-admin]

saian

medium

First founder will get less tokens due to wrong calculation of first base token id

Summary

Incorrect first base token id will cause first founder user to receive less tokens

Vulnerability Detail

In function _addFounders, for a given precentage of token share, base token ids are calculated and assigned to the founders
But the calculation starts with reserveUntilTokenId, whose value may be > 99, and is assigned directly to the first founder as baseTokenId

    uint256 baseTokenId = reservedUntilTokenId; 

So during minting, the first founder will receive a percentage less tokens

This value will be retained in the tokenRecipient mapping and wont be cleared during updateFounders

Impact

First founder will receive less tokens due to the wrong calculation of first baseId

Code Snippet

https://github.com/sherlock-audit/2023-09-nounsbuilder/blob/main/nouns-protocol/src/token/Token.sol#L120

    function _addFounders(IManager.FounderParams[] calldata _founders, uint256 reservedUntilTokenId) internal {

            ...

                uint256 baseTokenId = reservedUntilTokenId; 

                // For each token to vest:
                for (uint256 j; j < founderPct; ++j) {
                    // Get the available token id
                    baseTokenId = _getNextTokenId(baseTokenId);

                    // Store the founder as the recipient
                    tokenRecipient[baseTokenId] = newFounder;

                    emit MintScheduled(baseTokenId, founderId, newFounder);

                    // Update the base token id
                    baseTokenId = (baseTokenId + schedule) % 100;
                }
            }

            // Store the founders' details
            settings.totalOwnership = uint8(totalOwnership);
            settings.numFounders = numFoundersAdded;
        }
    }

    /// @dev Finds the next available base token id for a founder
    /// @param _tokenId The ERC-721 token id
    function _getNextTokenId(uint256 _tokenId) internal view returns (uint256) {
        unchecked {
            while (tokenRecipient[_tokenId].wallet != address(0)) {
                _tokenId = (++_tokenId) % 100;
            }

            return _tokenId;
        }
    }

https://github.com/sherlock-audit/2023-09-nounsbuilder/blob/main/nouns-protocol/src/token/Token.sol#L263

    function _isForFounder(uint256 _tokenId) private returns (bool) {
        // Get the base token id
        uint256 baseTokenId = _tokenId % 100;

        // If there is no scheduled recipient:
        if (tokenRecipient[baseTokenId].wallet == address(0)) {
            return false;

            // Else if the founder is still vesting:
        } else if (block.timestamp < tokenRecipient[baseTokenId].vestExpiry) {
            // Mint the token to the founder
            _mint(tokenRecipient[baseTokenId].wallet, _tokenId);

            return true;

            // Else the founder has finished vesting:
        } else {
            // Remove them from future lookups
            delete tokenRecipient[baseTokenId];

            return false;
        }
    }

Tool used

Manual Review

Recommendation

Change the first base token id to

    uint256 baseTokenId = 0;

or

    uint256 baseTokenId = reservedUntilTokenId % 100;

Duplicate of #42