First Flight #12: Kitty Connect

Beginner Friendly, Foundry, NFT, GameFi
100 EXP
Submission Details
Severity: high
Valid

No access control on kittyBridge::bridgeNftWithData, allowing anyone to execute the cross-chain operation without owning the NFT

Summary

There is no access control on kittyBridge::bridgeNftWithData: anyone can execute the cross-chain operation and mint an unlimited number of NFTs.

Vulnerability Details

kittyBridge::bridgeNftWithData does not restrict its callers to kittyConnect::bridgeNftToAnotherChain. As a result, any user can call it directly, bypassing the logic in kittyConnect that checks whether the caller is the token owner, updates s_ownerToCatsTokenId and s_catInfo, and burns the token being bridged.

Impact

Anyone can mint an unlimited number of NFTs through kittyBridge::bridgeNftWithData given suitably constructed input parameters.

Tools Used

Manual Review

Recommendations

Add an access-control modifier to the function:

function bridgeNftWithData(uint64 _destinationChainSelector, address _receiver, bytes memory _data)
    external
    onlyAllowlistedDestinationChain(_destinationChainSelector)
    validateReceiver(_receiver)
+   onlyKittyConnect
    returns (bytes32 messageId) // @audit-issue bad access control
{}

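The recommended modifier carried through to a Foundry regression test, as an added example that is not the project's code: the GatedBridge stand-in, its i_kittyConnect variable and the error name are assumptions, and the CCIP send is replaced by a keccak-derived message id so the test runs without a router.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
import {Test} from "forge-std/Test.sol";

// Minimal stand-in for KittyBridge (added example, not the project's code) that keeps only the
// access-control path; the CCIP send is replaced by a deterministic message id so no router is needed.
contract GatedBridge {
    error GatedBridge__NotKittyConnect(address caller);
    address public immutable i_kittyConnect; // assumed name for the trusted KittyConnect address

    constructor(address kittyConnect) {
        i_kittyConnect = kittyConnect;
    }
    // Recommended fix: only KittyConnect, which has already verified the token owner, updated
    // s_ownerToCatsTokenId / s_catInfo and burned the token, may trigger a bridge message.
    modifier onlyKittyConnect() {
        if (msg.sender != i_kittyConnect) revert GatedBridge__NotKittyConnect(msg.sender);
        _;
    }

    function bridgeNftWithData(uint64 _destinationChainSelector, address _receiver, bytes memory _data)
        external
        onlyKittyConnect
        returns (bytes32 messageId)
    {
        messageId = keccak256(abi.encode(msg.sender, _destinationChainSelector, _receiver, _data));
    }
}

contract GatedBridgeTest is Test {
    address kittyConnect = makeAddr("kittyConnect");
    address attacker = makeAddr("attacker");
    GatedBridge bridge;

    function setUp() public {
        bridge = new GatedBridge(kittyConnect);
    }

    // A direct call from an arbitrary account must revert instead of reaching the destination chain.
    function test_RevertWhen_CallerIsNotKittyConnect() public {
        vm.prank(attacker);
        vm.expectRevert(abi.encodeWithSelector(GatedBridge.GatedBridge__NotKittyConnect.selector, attacker));
        bridge.bridgeNftWithData(uint64(1), address(0xBEEF), abi.encode(attacker, uint256(1)));
    }

    // The legitimate path through KittyConnect still returns a message id.
    function test_KittyConnectCanBridge() public {
        vm.prank(kittyConnect);
        assertTrue(bridge.bridgeNftWithData(uint64(1), address(0xBEEF), "") != bytes32(0));
    }
}
```

Run with `forge test` from a Foundry project that has forge-std installed; the first test fails against a bridge without the modifier and passes once it is added.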
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

`bridgeNftWithData` misses access control
