The RamNFT smart contract is an ERC721 token contract designed to mint NFTs representing the divine qualities of Lord Rama. A significant issue was identified concerning the lack of access control on the mintRamNFT function, allowing any user to mint new NFTs, potentially leading to uncontrolled token issuance and abuse.
The vulnerability lies in the mintRamNFT function, which is publicly accessible, allowing any external address to call it and mint new NFTs without any restrictions. This issue arises from the absence of access control mechanisms that restrict minting permissions to specific users or roles.
The lack of access control can inflate the token supply: unrestricted minting can lead to an oversupply of NFTs, reducing their scarcity and intrinsic value. The contract is also open to exploitation, because malicious actors can flood the network with tokens. This lack of regulation and control over token issuance can also lead to a loss of trust among stakeholders and users, who may perceive the platform as insecure and unreliable.
Nothing
Add an access control mechanism to restrict who can call the mintRamNFT function. For example, only the organiser or a specific role should be allowed to mint new NFTs.
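One way to apply this recommendation, as an added sketch that is not the audited RamNFT source. Only the name mintRamNFT and the organiser role come from the finding; the function signature, the minter address, setMinter, the error and event names, tokenCounter and the token name and symbol are assumptions, and the OpenZeppelin v5 ERC721 base is assumed to be installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";

// Added illustration, not the project's own contract. Every identifier except
// mintRamNFT and organiser is an assumption made for this example.
contract RamNFTRestricted is ERC721 {
    error RamNFT__NotOrganiser();
    error RamNFT__NotMinter();

    address public immutable organiser; // deployer; the party that controls minting rights
    address public minter;              // assumed: the single account or contract allowed to mint
    uint256 public tokenCounter;        // assumed: next token id to issue

    event MinterUpdated(address indexed previousMinter, address indexed newMinter);

    modifier onlyOrganiser() {
        if (msg.sender != organiser) revert RamNFT__NotOrganiser();
        _;
    }

    modifier onlyMinter() {
        if (msg.sender != minter) revert RamNFT__NotMinter();
        _;
    }

    // Token name and symbol are constructed sample values.
    constructor() ERC721("RamNFT", "RAM") {
        organiser = msg.sender;
        minter = msg.sender; // organiser mints until a dedicated minter is set
    }

    // Only the organiser can hand minting rights to another address.
    function setMinter(address newMinter) external onlyOrganiser {
        emit MinterUpdated(minter, newMinter);
        minter = newMinter;
    }

    // Without onlyMinter, any external address could call this and mint.
    function mintRamNFT(address to) external onlyMinter {
        uint256 tokenId = tokenCounter;
        tokenCounter = tokenId + 1; // state updated before the receiver callback in _safeMint
        _safeMint(to, tokenId);
    }
}
```

A test for the fix should call mintRamNFT from an address that is neither organiser nor minter and expect the RamNFT__NotMinter revert, then confirm tokenCounter is unchanged.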