Severity: medium
Valid

There's no function to mint NFTs on `MondrianWallet`

Summary

The MondrianWallet contract extends OpenZeppelin's ERC721, but it doesn't actually expose a function to mint NFTs, which inheriting contracts are required to provide to get the desired functionality.

Vulnerability Details

Inheriting ERC721 alone, as done here, does not give MondrianWallet the ability to mint new tokens. The project's description claims that creators of MondrianWallets will get an NFT as well, but the contract doesn't allow for creating tokens.

Impact

Users that make use of this smart account do not get what they've been promised. This potentially results in users deploying their own MondrianWallet with missing functionality, which can be considered loss of funds (transaction fees) if the user has created the wallet via a normal transaction and not via a UserOperation with factory code.

Tools Used

  • Manual review

Recommended Mitigation

Ensure MondrianWallet provides a function to actually mint tokens, such as:

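```solidity
// Assumes `tokenId` is a uint256 state variable declared in the contract.
function mint() external {
    tokenId++; // advance to the next unused token id
    _safeMint(msg.sender, tokenId, ""); // internal ERC721 mint; checks that a contract receiver accepts the token
}
```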

If, for whatever reason, only the owner should be allowed to perform this action, then this needs to be adjusted accordingly:

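```solidity
// Same as above, restricted by the wallet's `requireFromEntryPointOrOwner` modifier.
function mint() external requireFromEntryPointOrOwner {
    tokenId++;
    _safeMint(msg.sender, tokenId, "");
}
```

Updates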

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

The Wallet doesn't end up owning any nft
