KittyBridge.sol::bridgeNftWithData doesn't implement access control mechanisms, leading to free cross-chain minting and waste of LINK funds.
Description:
KittyConnect.sol::bridgeNftToAnotherChain provides a way to transfer NFTs cross-chain through the KittyBridge.sol::bridgeNftWithData function. However, KittyBridge.sol::bridgeNftWithData doesn't control access, allowing a malicious user to call it directly.
Impact:
This flawed implementation can lead to uncontrolled NFT emission on destination chains and use of all LINK funds.
Proof of Concept:
Recommendation:
Implement the onlyKittyConnect modifier to control access.
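One way the recommended modifier could look, as an added sketch that is not the project's own code. The contract name, storage variable, error, event and parameter list are assumptions, and the cross-chain send and LINK fee payment are replaced by an event so the sketch compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Reduced stand-in for KittyBridge (hypothetical layout, for illustration only).
contract KittyBridgeSketch {
    // Address of the KittyConnect contract, fixed at deployment (assumed).
    address public immutable kittyConnect;

    // Hypothetical error name; carries the rejected caller for easier triage.
    error KittyBridge__NotKittyConnect(address caller);

    // Stand-in for the cross-chain message that the real bridge would send.
    event BridgeRequested(uint64 destinationChainSelector, address receiver, bytes data);

    constructor(address _kittyConnect) {
        require(_kittyConnect != address(0), "zero KittyConnect address");
        kittyConnect = _kittyConnect;
    }

    /// Reverts unless the direct caller is the KittyConnect contract.
    /// The check uses msg.sender, not tx.origin, so an externally owned
    /// account cannot satisfy it by calling the bridge itself.
    modifier onlyKittyConnect() {
        if (msg.sender != kittyConnect) {
            revert KittyBridge__NotKittyConnect(msg.sender);
        }
        _;
    }

    /// With the modifier applied, the only route to this function is through
    /// KittyConnect.sol::bridgeNftToAnotherChain. Direct calls revert before
    /// any message is built or any fee is spent.
    function bridgeNftWithData(
        uint64 _destinationChainSelector,
        address _receiver,
        bytes memory _data
    ) external onlyKittyConnect returns (bytes32 messageId) {
        // Placeholder for building the message and paying the fee in LINK.
        messageId = keccak256(abi.encode(_destinationChainSelector, _receiver, _data));
        emit BridgeRequested(_destinationChainSelector, _receiver, _data);
    }
}
```

A regression test for the fix should call bridgeNftWithData from an address other than KittyConnect and assert that the call reverts and the bridge's LINK balance is unchanged.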