Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

All tokens collected by the RAACNFT contract for NFT minting will be permanently stuck.

Summary

The mint function in the RAACNFT contract allows users to mint RAAC NFTs to buy tokenised houses. Minting a RAAC NFT requires a certain amount of tokens, determined by a call to the oracle getter tokenToHousePrice.

The problem arises because there is no mechanism to withdraw these tokens from the RAACNFT contract to the treasury or to any other address, which leads to the tokens being locked in the contract forever.

Vulnerability Details

A user calls the mint function after approving the required amount, which is transferred to the contract with safeTransferFrom. The tokens are transferred to the RAACNFT contract and the user receives a RAAC NFT with a unique id.

After that, the RAACNFT contract holds the tokens but is unable to do anything with them.

Impact

The impact of this issue is high as it leads to permanent loss of all funds sent by users to buy RAAC NFTs.

Tools Used

Manual review

Recommendations

Make sure to add a function to withdraw these tokens to the treasury or another address.
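
A minimal sketch of the recommended withdrawal path, added here as an example and not taken from the RAAC code base. The contract name, the owner and treasury roles, and every function, event and error name are assumptions, and the payment token is assumed to return a bool from transfer.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example, not RAAC's code. All names below are hypothetical.
interface IERC20Minimal {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

contract MintPaymentSweep {
    IERC20Minimal public immutable paymentToken; // token pulled in by mint()
    address public immutable owner;              // assumed admin role
    address public treasury;                     // only withdrawal destination

    event TreasuryUpdated(address indexed previous, address indexed current);
    event PaymentsWithdrawn(address indexed to, uint256 amount);
    error NotOwner();
    error ZeroAddress();
    error NothingToWithdraw();
    error TransferFailed();

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor(address token_, address treasury_) {
        if (token_ == address(0) || treasury_ == address(0)) revert ZeroAddress();
        paymentToken = IERC20Minimal(token_);
        treasury = treasury_;
        owner = msg.sender;
    }

    function setTreasury(address newTreasury) external onlyOwner {
        if (newTreasury == address(0)) revert ZeroAddress();
        emit TreasuryUpdated(treasury, newTreasury);
        treasury = newTreasury;
    }

    // Sweeps the full balance to the stored treasury. The caller cannot pass
    // a destination, so funds only ever leave toward an address set on-chain.
    function withdrawToTreasury() external onlyOwner returns (uint256 amount) {
        amount = paymentToken.balanceOf(address(this));
        if (amount == 0) revert NothingToWithdraw();
        emit PaymentsWithdrawn(treasury, amount);
        if (!paymentToken.transfer(treasury, amount)) revert TransferFailed();
    }
}
```

In a real contract the same two functions would sit alongside mint, and a token that does not return a bool from transfer would need a safe-transfer wrapper instead of the direct call.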

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACNFT collects payment for NFT minting but lacks withdrawal functionality, permanently locking all tokens in the contract