FoundryNFT (Beginner Friendly)
Submission Details
Severity: high
Valid

Addressing Access Control Vulnerabilities in the RamNFT Smart Contract: Ensuring Secure and Controlled Token Minting

Summary

The RamNFT smart contract is an ERC721 token contract designed to mint NFTs representing the divine qualities of Lord Rama. A significant issue was identified: the mintRamNFT function lacks access control, allowing any user to mint new NFTs. This can lead to uncontrolled token issuance and potential abuse.

Vulnerability Details

The vulnerability exists in the mintRamNFT function, which is publicly accessible. Any external address can call this function and mint new NFTs without restrictions. This issue arises due to the absence of access control mechanisms to restrict minting permissions to specific users or roles.

Impact

The lack of access control can result in:

Inflation of the token supply due to unrestricted minting, reducing the scarcity and intrinsic value of the NFTs.
Exploitation by malicious actors who can flood the network with tokens.
Loss of trust among stakeholders and users, who may perceive the platform as insecure and unreliable.

Tools Used

No specific tools were used to identify this vulnerability.

Recommendations

Add an access control mechanism to restrict who can call the mintRamNFT function. For example, only the organiser or a specific role should be allowed to mint new NFTs.

function mintRamNFT(address to) public onlyOrganiser {
// ...
}
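As an added illustration (not code from this submission or the audited repository), a minimal stand-in for RamNFT with the recommended organiser-only guard, plus a Foundry test asserting that a mint from an unauthorised caller reverts while a mint from the organiser succeeds. It assumes OpenZeppelin's ERC721 and forge-std, and that the organiser is the deploying address.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical hardened RamNFT: the contract name, custom error and
// token-counter scheme are assumptions for this example, not the audited code.
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {Test} from "forge-std/Test.sol";

contract RamNFTHardened is ERC721 {
    error RamNFT__NotOrganiser();
    address public immutable organiser; // fixed at deployment, never reassignable
    uint256 public tokenCounter;
    modifier onlyOrganiser() {
        if (msg.sender != organiser) revert RamNFT__NotOrganiser();
        _;
    }
    constructor() ERC721("RamNFT", "RAM") { organiser = msg.sender; }
    // The finding: this function was public with no modifier, so any address
    // could mint. The onlyOrganiser guard restricts issuance to one principal.
    function mintRamNFT(address to) public onlyOrganiser {
        _safeMint(to, tokenCounter++);
    }
}

// Regression test: proves the guard rejects strangers and admits the organiser.
contract RamNFTAccessTest is Test {
    RamNFTHardened nft;
    address organiser = makeAddr("organiser");
    address stranger = makeAddr("stranger");
    function setUp() public {
        vm.prank(organiser); // deployer becomes the organiser
        nft = new RamNFTHardened();
    }
    function test_strangerCannotMint() public {
        vm.prank(stranger);
        vm.expectRevert(RamNFTHardened.RamNFT__NotOrganiser.selector);
        nft.mintRamNFT(stranger);
    }
    function test_organiserCanMint() public {
        vm.prank(organiser);
        nft.mintRamNFT(stranger);
        assertEq(nft.ownerOf(0), stranger);
    }
}
```

Run with `forge test --match-contract RamNFTAccessTest`; the first test fails against the original unguarded function, which makes it a useful check that the fix actually landed.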

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

mintRamNFT is public
