Submission Details
Severity: high
Valid

Anyone can mint a RamNFT to anyone

Summary

There is a missing access check on the mintRamNFT function in the RamNFT contract. As a result, anyone can mint a RamNFT to any address, which is not the intended behaviour of the protocol. Users can simply mint as many NFTs as they want without going through the registration and entry fee process.

Vulnerability Details

The open minting is demonstrated by the test below. Players should not be able to mint NFTs directly; minting should only be possible via the Dussehra contract. The mint function lacks this restriction, so a check that the caller is the Dussehra contract is required.

function test_mintNFT() public {
    // A regular player must not be able to mint directly, neither to themselves nor to others.
    vm.startPrank(player1);
    vm.expectRevert();
    ramNFT.mintRamNFT(player1);
    vm.expectRevert();
    ramNFT.mintRamNFT(player2);
    vm.stopPrank();

    // Only the Dussehra contract should be allowed to mint.
    vm.startPrank(address(dussehra));
    ramNFT.mintRamNFT(player1);
    ramNFT.mintRamNFT(player2);
    vm.stopPrank();

    // Token ids are assigned sequentially starting at 0.
    assertEq(ramNFT.ownerOf(0), player1);
    assertEq(ramNFT.ownerOf(1), player2);
}

Impact

This open minting has large consequences for the protocol. A malicious user can simply mint many NFTs and increase their chances of winning dramatically, since the winner is selected from the NFT collection. This bypasses the entry fee requirement and allows a user to enter the competition without paying anything other than the gas cost of minting.

Tools Used

Foundry and manual review

Recommendations

Change the RamNFT contract's minting function to include a modifier that protects minting and ensures only the ChoosingRam contract can mint.

+ error RamNFT__NotDussehraContract();
+ address public dussehraContract;
+ function setDussehraContract(address _dussehraContract) public onlyOrganiser {
+ dussehraContract = _dussehraContract;
+ }
+ modifier onlyDussehraContract() {
+ if (msg.sender != dussehraContract) {
+ revert RamNFT__NotDussehraContract();
+ }
+ _;
+ }
+ function mintRamNFT(address to) public onlyDussehraContract {
- function mintRamNFT(address to) public {
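Review bot: setDussehraContract can be called by the organiser any number of times and accepts the zero address, so the minting authority can be re-pointed after the game has started; consider setting dussehraContract once (in the constructor or guarded by a "not yet set" check), rejecting address(0), and emitting an event so a change is observable on-chain. The hunk also references an onlyOrganiser modifier that is not shown here, so the reader has to assume it already exists in RamNFT. Finally, the removed line `- function mintRamNFT(address to) public {` is listed after its `+` replacement; placing the `-` line first reads as a conventional diff.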
Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

mintRamNFT is public
