First Flight #15: Mondrian Wallet

First Flight #15

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

A new NFT contract is created for every account and mint no NFT.

n0kto

Description

MondrianWallet is the deployed contract used to create a new account abstraction. A new instance of this contract is deployed every time an account is created. The problem is that ERC721 does not operate this way. Only one contract should be deployed once and the mint function should be used to create NFTs in the same collection.

Moreover, even though every contract instantiates the ERC721, the mint function is never called and there is no function to call it. This means wallets will never receive a painting.

@> contract MondrianWallet is Ownable, ERC721, IAccount {

...

}

Risk

Likelyhood: High

Every account creation.

Impact: High

One collection per wallet (no collection will be the official one).
No NFTs are distributed.

Recommended Mitigation

Create one smart contract dedicated to the NFT and link it with a factory contract that creates every instance of MondrianWallet. For every creation, mint an NFT and send it to the newly created account.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

Extremely Wrong Implementation of ERC721

Rewards breakdown

nSLOC

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.