If a user is tricked and is required to pay double the price for a treat, they may not want to, or may not be able to afford to, pay this higher price.
In the event a user is tricked and is required to pay double the price for a treat, the contract assumes the user wants to and can afford to pay the higher price. However, it may be that the user does not want to pay this higher price and never calls resolveTrick(). In such an event, the user's funds will be stuck in the contract and they will not be able to retrieve them. The NFT minted to the contract will also be stuck and unretrievable.
If a user does not want to or cannot afford to pay the double price for a treat, they will have lost their funds, which the owner is still able to withdraw. The owner will also not be able to retrieve the NFT minted to the contract and will thus be unable to acquire the full price for it.
Manual Review
My recommendations are as follows:
Create a function that will allow a user that has been tricked and does not desire to or cannot afford to pay the double price to withdraw their funds from the contract.
Instead of minting the NFT to the contract in the event a user is tricked and does not have sufficient funds, you should mint the NFT directly to the user when resolveTrick() is called. This way, if the user does not desire to pay the double price, the NFT will not be lost in the contract.
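One way to implement both recommendations, as an added sketch that is not the audited contract's code: every name except resolveTrick() is hypothetical, and a plain ownerOf mapping stands in for the ERC-721 mint. Underpaid deposits are escrowed, the token is assigned only when the buyer completes payment, and the buyer can cancel for a full refund.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical sketch: only resolveTrick() is a name taken from the finding.
contract PendingTrickSketch {
    struct Pending { address buyer; uint256 paid; uint256 due; }
    mapping(uint256 => Pending) public pending; // keyed by reserved token id
    mapping(uint256 => address) public ownerOf; // stand-in for the ERC-721 ledger
    uint256 public escrowed;                    // deposits that are not yet revenue
    uint256 private nextTokenId = 1;

    // Tricked purchase at double price. An underpayment is escrowed; nothing is minted.
    function trickPurchase(uint256 basePrice) external payable returns (uint256 tokenId) {
        uint256 due = basePrice * 2;
        tokenId = nextTokenId++;
        if (msg.value >= due) {
            ownerOf[tokenId] = msg.sender;
            _send(msg.sender, msg.value - due); // return any overpayment
        } else {
            pending[tokenId] = Pending(msg.sender, msg.value, due);
            escrowed += msg.value;
        }
    }
    // Buyer tops up the deposit; the token goes straight to the buyer, never to the contract.
    function resolveTrick(uint256 tokenId) external payable {
        Pending memory p = pending[tokenId];
        require(p.buyer == msg.sender, "not the pending buyer");
        uint256 total = p.paid + msg.value;
        require(total >= p.due, "insufficient payment");
        delete pending[tokenId];
        escrowed -= p.paid;
        ownerOf[tokenId] = msg.sender;
        _send(msg.sender, total - p.due);
    }
    // Buyer declines the double price and recovers the full deposit.
    function cancelTrick(uint256 tokenId) external {
        Pending memory p = pending[tokenId];
        require(p.buyer == msg.sender, "not the pending buyer");
        delete pending[tokenId];   // state is cleared before the external call
        escrowed -= p.paid;
        _send(msg.sender, p.paid);
    }
    // Amount an owner withdrawal may take: the balance minus escrowed deposits.
    function withdrawable() public view returns (uint256) { return address(this).balance - escrowed; }

    function _send(address to, uint256 amount) private {
        if (amount == 0) return;
        (bool ok, ) = payable(to).call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

Capping owner withdrawals at withdrawable() keeps pending deposits refundable, which addresses the impact described above where the owner can still withdraw a tricked user's funds.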
The protocol can work correctly with more than 20000 tokens in it. It is informational.