No way for the user to mint NFT for the `MondrianWallet`
Summary
The MondrianWallet protocol mentions to mint a NFT to the one who creates account abstraction wallet but there is no way to mint NFT to the user.
But along with that, the MondrianWallet is actually the wallet for the user and has the ERC721 inherited and it is kind of irrelevant because NFT handling stuff should be handled via a MondrianWallet Deployer and the Deployer should allow the user to deploy their MondrianWallet and mint NFT.
Vulnerability Details
The vulnerability is present in the design of
MondrianWallet, there is no way for the users to get their NFT.The NFT is associated with the
MondrianWalletand there is no way for one to mint.As the wallets are associated with their own owners therefore it is irrelevant to associate ERC721 inheritance with the
MondrianWallet.Instead there should be a deployer contract which should be a ERC721 contract and should allow users to create their
MondrianWalletand mint their NFT.
Impact
Users can't have their NFT.
Tools Used
Manual Review
Recommendations
Create a Deployer contract that should inherit ERC721 contract and should allow the user to deploy their MondrianWallet along with the NFT.
Also, the ERC721 associated with MondrianWallet is insignificant as it is the wallet and not a source to mint NFT, therefore consider removing the ERC721 stuffs from MondrianWallet.
Lead Judging Commences
The Wallet doesn't end up owning any nft
Extremely Wrong Implementation of ERC721
The Wallet doesn't end up owning any nft
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.