First Flight #12: Kitty Connect

Beginner FriendlyFoundryNFTGameFi

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Invalid

`mintBridgedNFT` can revert due to `_safeMint`, resulting in the loss of NFTs on both chains

n0kto

[M-1] `mintBridgedNFT` can revert du to `_safeMint` and lose NFT on both chain

Description

In the mintBridgedNFT function, the NFT is minted on the destination chain after being burned on the source chain during a bridge operation. However, _safeMint is used without checking whether the bridge operation is successful. If _safeMint reverts, the NFT will be lost on both chains.

function mintBridgedNFT(bytes memory data) external onlyKittyBridge {

...

emit NFTBridged(block.chainid, tokenId);

@> _safeMint(catOwner, tokenId);

}

Risk

Likelyhood: Low

If _safeMint reverts.

Impact: High

NFT is burned on both chain.

Proof of Concept

Create a simple contract without implementing a receive function for NFTs.
Bridge an NFT to this contract.
Check that the NFT doesn't exist on both chain.

Recommended Mitigation

Use _mint instead of _safeMint.

Alternatively:

Mint the NFT for the bridge and implement a withdraw function for the owner on the destination chain.
Implement a rescue function to transfer stucked NFTs.

Updates

Lead Judging Commences

inallhonesty Lead Judge

about 1 year ago

inallhonesty Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Design choice

Rewards breakdown

nSLOC

235

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.