The MondrianWallet
protocol mentions to mint a NFT to the one who creates account abstraction wallet but there is no way to mint NFT to the user.
But along with that, the MondrianWallet
is actually the wallet for the user and has the ERC721 inherited and it is kind of irrelevant because NFT handling stuff should be handled via a MondrianWallet Deployer and the Deployer should allow the user to deploy their MondrianWallet
and mint NFT.
The vulnerability is present in the design of MondrianWallet
, there is no way for the users to get their NFT.
The NFT is associated with the MondrianWallet
and there is no way for one to mint.
As the wallets are associated with their own owners therefore it is irrelevant to associate ERC721 inheritance with the MondrianWallet
.
Instead there should be a deployer contract which should be a ERC721 contract and should allow users to create their MondrianWallet
and mint their NFT.
Users can't have their NFT.
Manual Review
Create a Deployer contract that should inherit ERC721 contract and should allow the user to deploy their MondrianWallet
along with the NFT.
Also, the ERC721 associated with MondrianWallet
is insignificant as it is the wallet and not a source to mint NFT, therefore consider removing the ERC721 stuffs from MondrianWallet
.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.