RAACNFT tokens used to mint NFTs will be stuck forever
Vulnerability Details
When you buy a RAACNFT you call RAACNFT::mint() and the following logic executes:
The porblem is that the RAACNFT does not have any way of transfering out or using the tokens transferred to it. As there is no transfer funciton neither approval function called trhougout the contract, the tokens are stuck in the contract forever. Just enter VSCode and check for all instances of transfer or approvals, as you can see the only transfers are the ones in mint and nothing else.
The inherited OZ contracts do not posses ERC20 token transfers either:
Contract here.
Impact
Tokens used to buy RAACNFT are stuck in the contract forever.
Recommendations
Add a way to transfer them out, either by using transfer or using approvals so someone can move the funds on the RAACNFT contract.
Lead Judging Commences
RAACNFT collects payment for NFT minting but lacks withdrawal functionality, permanently locking all tokens in the contract
RAACNFT collects payment for NFT minting but lacks withdrawal functionality, permanently locking all tokens in the contract
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.