Submission Details
Severity:
Funds will be locked in the RAACNFT contract
Summary
Funds will be locked in the RAACNFT contract
Vulnerability Details
In RAACNFT contract, users can buy one NFT to participate the RAAC system via function mint(). In mint(), users will get one specific NFT according to this specific NFT's price.
The problem is that there is not one interface in RAACNFT contract to withdraw these funds. All these funds will be locked in the RAACNFT contract forever.
function mint(uint256 _tokenId, uint256 _amount) public override {
uint256 price = raac_hp.tokenToHousePrice(_tokenId);
if(price == 0) { revert RAACNFT__HousePrice(); }
if(price > _amount) { revert RAACNFT__InsufficientFundsMint(); }
token.safeTransferFrom(msg.sender, address(this), _amount);
Impact
All funds in the RAACNFT will be locked foreve.
Tools Used
Manual
Recommendations
Add one interface to withdraw these funds.
Updates
Lead Judging Commences
inallhonesty 3 months ago
Submission Judgement Published Assigned finding tags:
RAACNFT collects payment for NFT minting but lacks withdrawal functionality, permanently locking all tokens in the contract
inallhonesty 3 months ago
Submission Judgement Published Assigned finding tags:
RAACNFT collects payment for NFT minting but lacks withdrawal functionality, permanently locking all tokens in the contract
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.