Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

Assets used to buy RAACNft are permanently locked

Summary

Users can mint a RAACNft by paying its value using a specified token. The contract doesn't implement any logic to handle its token balance, permanently locking the assets.

Vulnerability Details

Anyone can call RAACNFT::mint and buy the desired tokenId. The asset's price is transferred from msg.sender to address(this), the RAACNFT contract address.

    function mint(uint256 _tokenId, uint256 _amount) public override {
        uint256 price = raac_hp.tokenToHousePrice(_tokenId);
        if(price == 0) { revert RAACNFT__HousePrice(); }
        if(price > _amount) { revert RAACNFT__InsufficientFundsMint(); }
        // transfer erc20 from user to contract - requires pre-approval from user
    @>  token.safeTransferFrom(msg.sender, address(this), _amount);
        ...

The RAACNFT contract inherits from the following contracts, and none of them implements logic to move token balances.

contract RAACNFT is ERC721, ERC721Enumerable, Ownable, IRAACNFT {

The token balance is permanently locked in the RAACNFT contract.

Impact

Assets used to buy NFTs are permanently locked.

Tools Used

Recommendations

Implement a new function that allows the assets to be transferred out of the contract.
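
One way to implement this recommendation, shown as an added example that is not the RAAC project's code. It assumes OpenZeppelin Contracts v5 and that the owner decides where collected payments go; the contract name, `collect`, `withdrawPayments`, the event and the errors are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

// Added illustration only. Assumes OpenZeppelin Contracts v5 (Ownable takes initialOwner).
// All names below are hypothetical, not taken from the RAAC code base.
contract MintPaymentExample is Ownable {
    using SafeERC20 for IERC20;

    // Payment token; stands in for the `token` variable used by RAACNFT.mint.
    IERC20 public immutable token;

    event PaymentsWithdrawn(address indexed to, uint256 amount);

    error MintPaymentExample__ZeroAddress();
    error MintPaymentExample__InsufficientBalance();

    constructor(address _token, address initialOwner) Ownable(initialOwner) {
        if (_token == address(0)) revert MintPaymentExample__ZeroAddress();
        token = IERC20(_token);
    }

    // Mirrors the payment step of mint(): tokens move from the caller to this contract.
    function collect(uint256 amount) external {
        token.safeTransferFrom(msg.sender, address(this), amount);
    }

    // The missing piece: an access-controlled exit path for the collected balance.
    function withdrawPayments(address to, uint256 amount) external onlyOwner {
        if (to == address(0)) revert MintPaymentExample__ZeroAddress();
        if (amount > token.balanceOf(address(this))) {
            revert MintPaymentExample__InsufficientBalance();
        }
        token.safeTransfer(to, amount);
        // Emit an event so off-chain monitoring can track every outflow.
        emit PaymentsWithdrawn(to, amount);
    }
}
```

In RAACNFT itself only the withdrawal function would be needed, since the contract already inherits Ownable and already holds the payment token.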

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACNFT collects payment for NFT minting but lacks withdrawal functionality, permanently locking all tokens in the contract
