The mint function in the RAACNFT.sol contract does not check if the _tokenId has already been minted. This can lead to a situation where the same token is minted multiple times, which violates the uniqueness property of NFTs and can cause significant issues in the system.
Proof of Concept:
1. User A calls the mint function with _tokenId 1 and _amount sufficient to cover the price.
2. The contract mints _tokenId 1 to User A.
3. User B calls the mint function with the same _tokenId 1 and _amount sufficient to cover the price.
4. The contract mints _tokenId 1 to User B, resulting in both User A and User B owning the same token ID.
Double Minting: Without checking if the _tokenId already exists, the same token can be minted multiple times. This undermines the uniqueness of NFTs and can lead to multiple users owning the same token ID.
Economic Loss: Users who believe they own a unique NFT may suffer economic loss if the same token is minted and sold to multiple users.
manual review
Suggested Fix:
Add a check to ensure that the _tokenId has not already been minted using the _exists function provided by the ERC721 contract. If the token already exists, revert the transaction.
// Check if the tokenId already exists
if (_exists(_tokenId)) {
    revert RAACNFT__TokenAlreadyMinted();
}
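The guard described above, shown beside an unguarded mint in a stripped-down ledger; this is an added example, not code from RAACNFT.sol. The contract name, storage layout, PRICE value, the InsufficientAmount error and the two mint function names are assumptions, and the payment transfer is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only: a minimal token ledger, NOT the RAACNFT contract.
contract MintGuardExample {
    // The custom error used by the suggested fix must be declared to compile.
    error RAACNFT__TokenAlreadyMinted();
    error InsufficientAmount(); // hypothetical error name

    uint256 public constant PRICE = 1 ether; // constructed sample price

    mapping(uint256 => address) private _owners;
    mapping(address => uint256) private _balances;

    function ownerOf(uint256 _tokenId) external view returns (address) {
        return _owners[_tokenId];
    }

    function balanceOf(address account) external view returns (uint256) {
        return _balances[account];
    }

    // Same test the fix relies on. OpenZeppelin Contracts 5.x removed
    // ERC721._exists; there the equivalent is _ownerOf(id) != address(0).
    function _exists(uint256 _tokenId) internal view returns (bool) {
        return _owners[_tokenId] != address(0);
    }

    /// Unguarded ledger write: a second call with the same id replaces the
    /// owner record while the first caller's balance still reads 1.
    function mintUnchecked(uint256 _tokenId, uint256 _amount) external {
        if (_amount < PRICE) revert InsufficientAmount();
        _balances[msg.sender] += 1;
        _owners[_tokenId] = msg.sender;
    }

    /// Guarded: the existence check runs before any state change, so the
    /// second call for an already-minted id reverts and nothing is written.
    function mintChecked(uint256 _tokenId, uint256 _amount) external {
        if (_amount < PRICE) revert InsufficientAmount();
        if (_exists(_tokenId)) revert RAACNFT__TokenAlreadyMinted();
        _balances[msg.sender] += 1;
        _owners[_tokenId] = msg.sender;
    }
}
```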