Lack of Balance Check Before Refund in mint Function
Summary
In the mint function in the RAACNFT.sol The contract attempts to refund excess ERC20 tokens after minting an NFT but does not check if it has enough balance before transferring. If the contract does not have enough ERC20 tokens, the transaction will fail and revert, causing users to be unable to mint NFTs, leading to a denial of service (DoS).
Affected code:
Attack Scenario:
A user calls
mintand transfers more tokens than required.The contract attempts to refund the excess.
If the contract has an insufficient ERC20 balance (due to other withdrawals or fund mismanagement), the transaction fails entirely.
The NFT is not minted, and the user is stuck in an irreversible failed transaction.
Proof of Concept (PoC)
Scenario: Contract Lacks Sufficient ERC20 Tokens for Refund
// Assume user needs to pay 100 tokens for NFT
mint(1, 150);
// Contract should refund 50 tokens````// However, contract only has 30 tokens in balance````// safeTransfer fails, reverting the transaction
This means if multiple users try to mint NFTs and the contract does not have enough balance, all mint transactions fail and revert.
Vulnerability Details
Impact
if multiple users try to mint NFTs and the contract does not have enough balance, all mint transactions fail and revert.
Tools Used
manual review
Recommendations
Before refunding, check the contract’s ERC20 balance
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.