First Flight #12: Kitty Connect

Submission Details
Severity: high
Valid

`KittyBridge::bridgeNftWithData` is missing access control

Summary

The KittyBridge::bridgeNftWithData function allows anyone to bridge NFT data to another chain without proper access control.

Vulnerability Details

The KittyBridge::bridgeNftWithData function is marked as external, meaning it can be called by any account. However, it bridges sensitive NFT data to another chain. There is no access control check in this function to restrict calling it only to the NFT owner.

Impact

This allows any account to extract sensitive NFT metadata (owner address, name, breed, etc.) and bridge it to another chain. This can lead to theft of NFTs or their metadata.

Tools Used

Manual review

Recommendations

Add an access control check to KittyBridge::bridgeNftWithData to ensure only the NFT owner can call it; in this case we add the onlyKittyConnect modifier:

```diff
 function bridgeNftWithData(
     uint64 _destinationChainSelector,
     address _receiver,
     bytes memory _data
 )
     external
+    onlyKittyConnect
     onlyAllowlistedDestinationChain(_destinationChainSelector)
     validateReceiver(_receiver)
     returns (bytes32 messageId)
 {
     // function's logic...
 }
```
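A Foundry regression test for the recommendation above, added here as an example and not part of the original submission or the Kitty Connect codebase. It assumes a minimal stand-in for `KittyBridge` whose `onlyKittyConnect` modifier compares `msg.sender` against a stored `kittyConnect` address; the error name and the test contract are likewise assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Minimal stand-in for KittyBridge (assumed shape, not the project's code):
// only the storage and modifier needed to exercise the access check.
contract KittyBridgeGuarded {
    address public immutable kittyConnect;
    error KittyBridge__NotKittyConnect();

    constructor(address _kittyConnect) {
        kittyConnect = _kittyConnect;
    }

    // Assumed body of the onlyKittyConnect modifier recommended above.
    modifier onlyKittyConnect() {
        if (msg.sender != kittyConnect) revert KittyBridge__NotKittyConnect();
        _;
    }

    function bridgeNftWithData(
        uint64 _destinationChainSelector,
        address _receiver,
        bytes memory _data
    ) external onlyKittyConnect returns (bytes32 messageId) {
        // The real contract dispatches a CCIP message here; this stand-in
        // only derives a deterministic id so the test has a return value.
        messageId = keccak256(abi.encode(_destinationChainSelector, _receiver, _data));
    }
}

contract KittyBridgeAccessTest is Test {
    KittyBridgeGuarded bridge;
    address kittyConnect = makeAddr("kittyConnect");
    address attacker = makeAddr("attacker");

    function setUp() public {
        bridge = new KittyBridgeGuarded(kittyConnect);
    }

    // Any other account is rejected before any bridging logic runs.
    function testUnauthorizedCallerReverts() public {
        vm.prank(attacker);
        vm.expectRevert(KittyBridgeGuarded.KittyBridge__NotKittyConnect.selector);
        bridge.bridgeNftWithData(1, address(0xBEEF), "");
    }

    // The authorized KittyConnect address can still bridge.
    function testKittyConnectCanBridge() public {
        vm.prank(kittyConnect);
        bytes32 id = bridge.bridgeNftWithData(1, address(0xBEEF), abi.encode("meow"));
        assertTrue(id != bytes32(0));
    }
}
```

Run with `forge test --match-contract KittyBridgeAccessTest`; the first test fails against a version of the function without the modifier, which makes it a useful guard against the check being dropped later.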
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

`bridgeNftWithData` misses access control
