Missing Burn Functionality in RAACNFT
01. Relevant GitHub Links
02. Summary
The website mentions that users can burn NFTs to redeem assets. However, the contract code does not provide a burn function. Instead, _update prevents sending NFTs to the zero address, effectively blocking any potential burning operation.
03. Vulnerability Details
The site explains that you can burn NFT tokens and actually receive assets for them.
Real estate is held in a corporate structure that is designed to protect Regna Minima NFT holders. Eligible users can burn the Regna Minima NFT to redeem the real estate title.
However, the actual NFT implementation not only doesn't have a burn function, but it also overrides the _update function, making it impossible to burn.
04. Impact
Users cannot burn their NFTs to redeem real estate or other assets, contrary to the documentation and advertised functionality.
05. Tools Used
Manual Code Review and Foundry
06. Recommended Mitigation
Implement a burn function andadd a mitigation to prevent the mint function from re-minting tokens that have already been burned.
Lead Judging Commences
RAACNFT lacks redemption mechanism, preventing NFT holders from exchanging tokens back for their underlying asset value and forcing reliance on secondary markets
RAACNFT lacks redemption mechanism, preventing NFT holders from exchanging tokens back for their underlying asset value and forcing reliance on secondary markets
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.