Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Invalid

Potential Frontrunning Vulnerability in RAACNFT.sol Mint Function

Summary

The mint function in RAACNFT.sol is vulnerable to frontrunning, allowing attackers to steal desirable NFTs by submitting a transaction with a higher gas fee before the original buyer's transaction is confirmed.

Vulnerability Details

2025-02-raac/contracts/core/tokens/RAACNFT.sol at main · Cyfrin/2025-02-raac

Consider this scenario:

  1. Bob finds a special NFT (house) at a discounted price and submits a mint transaction with 10 ETH for TOKEN_ID.

  2. Eric, an attacker monitoring the mempool, detects Bob’s transaction.

  3. Eric submits the same mint transaction (mint(TOKEN_ID, 10 ETH)) but with a higher gas fee (e.g., 100 gwei).

  4. The network prioritizes Eric's transaction, and he mints the NFT before Bob.

  5. When Bob’s transaction is processed, it fails because the NFT is already minted.

Impact

Users lose NFTs they intended to mint.

Tools Used

Recommendations

Implementing a Commit-Reveal Scheme might curb this.
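
A minimal commit-reveal mint, as an added example that is not code from RAACNFT.sol or from this submission. The contract name, constants and ownership mapping are hypothetical, and payment and ERC-721 logic are left out so the two-step flow stays visible.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical sketch: all names here are assumptions, not taken from RAACNFT.sol.
contract CommitRevealMint {
    uint64 public constant MIN_DELAY = 2;   // blocks that must pass before a reveal
    uint64 public constant MAX_DELAY = 256; // commitment expires after this many blocks

    // committer => commitment hash => block number of the commit (0 = none).
    // Keying by committer stops a third party from blocking someone else's
    // commit by submitting the same hash first.
    mapping(address => mapping(bytes32 => uint64)) public commitBlock;
    mapping(uint256 => address) public ownerOfToken;

    // Step 1: publish only a hash, computed off-chain as
    // keccak256(abi.encode(committer, tokenId, salt)). A mempool observer
    // sees the hash but not the tokenId it refers to.
    function commit(bytes32 hash) external {
        require(commitBlock[msg.sender][hash] == 0, "already committed");
        commitBlock[msg.sender][hash] = uint64(block.number);
    }

    // Step 2: reveal tokenId and salt. A copied reveal fails for any other
    // sender, because msg.sender is part of the hash and that sender has no
    // matured commitment for this tokenId.
    function revealAndMint(uint256 tokenId, bytes32 salt) external {
        bytes32 hash = keccak256(abi.encode(msg.sender, tokenId, salt));
        uint64 committedAt = commitBlock[msg.sender][hash];

        require(committedAt != 0, "no matching commitment");
        require(block.number >= committedAt + MIN_DELAY, "reveal too early");
        require(block.number <= committedAt + MAX_DELAY, "commitment expired");
        require(ownerOfToken[tokenId] == address(0), "already minted");

        delete commitBlock[msg.sender][hash]; // one reveal per commitment
        ownerOfToken[tokenId] = msg.sender;
    }
}
```

In this sketch a commit costs only gas, so nothing stops an account from committing to many token IDs ahead of time; a production design would typically take payment or a deposit at commit time.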

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
