Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Valid

Stuck Funds Due to Missing Withdrawal Functionality in the `RAACNFT` Contract

Summary

The RAACNFT contract collects ERC20 tokens during NFT minting, but it lacks any function to withdraw or manage these funds. This oversight results in tokens being permanently stuck in the contract.

Vulnerability Details

```solidity
token.safeTransferFrom(msg.sender, address(this), _amount);
```

During the mint process, users transfer ERC20 tokens to the contract as payment for minting NFTs. Although the contract refunds any excess funds if the user overpays, there is no mechanism for the owner or any other authorized party to withdraw the collected funds. Without such a function, the funds remain locked in the contract indefinitely.

Impact

  • Inaccessible Funds: The tokens accumulated by the contract cannot be retrieved, which may cause significant financial loss.

  • Operational Issues: The inability to access funds may prevent proper reinvestment or distribution of the collected tokens, leading to liquidity problems.

Tools Used

  • Manual Review

Recommendations

Introduce a withdrawal function to allow authorized parties (typically the owner) to transfer the collected ERC20 tokens from the contract.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACNFT collects payment for NFT minting but lacks withdrawal functionality, permanently locking all tokens in the contract
