Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

The Batch Minting Mechanism in the RAACNFT contract is Incomplete as it Only Increases Batch Size, but does not Implement the Batch Minting

victortheoracle

Summary

The batch management mechanism in the contract is incomplete. The function to add a new batch only allows increasing the batch size without any option to reduce it, and the contract lacks a batch minting function. This limits flexibility in managing NFT collections and can cause confusion regarding the intended functionality.

Vulnerability Details

The function:

function addNewBatch(uint256 _batchSize) public override onlyOwner {

if (_batchSize == 0) revert RAACNFT__BatchSize();

currentBatchSize += _batchSize;

}

simply increments the public variable currentBatchSize without providing a way to reduce or reset it. Furthermore, despite the variable name hinting at batch management and the docs saying that it should exist, no function exists to mint multiple NFTs in one call. This design oversight can restrict the owner’s control if an adjustment to the batch size is needed or when batch minting is desired.

Impact

The inability to reduce the batch size might lead to operational challenges if the initial or current batch configuration is found to be excessive. Furthermore batch minting will be impossible for users because it has not been implemented.

Tools Used

Manual Review

Recommendations

Enhance batch management by adding a function to adjust (reduce) the batch size and implement batch minting. For example:

// Allows the owner to adjust the current batch size arbitrarily.

function adjustBatchSize(uint256 newBatchSize) public onlyOwner {

require(newBatchSize > 0, "Batch size must be positive");

currentBatchSize = newBatchSize;

}

// Implements batch minting functionality.

function batchMint(uint256[] calldata tokenIds, uint256[] calldata amounts) external onlyOwner {

require(tokenIds.length == amounts.length, "Mismatched arrays");

for (uint256 i = 0; i < tokenIds.length; i++) {

//implement the batch minting functionality here...

}

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!