When minting a RAACNFT, the user pays the price in the very same call to the mint function. The problem is that the price is dynamic: it is set by an oracle and can change between the moment the user decides to buy and the moment the mint executes, and no slippage protection is in place, so a user risks paying more than expected.
Users are evidently expected to approve, and hand over, more than the exact price; otherwise the refund logic in the contract would have no reason to exist.
So if a user goes to buy a token and the oracle updates the price just before the mint executes, the user buys at an undesired price:
The user sees a home NFT priced at 500K USDC.
The user approves 510K USDC to the contract and submits the mint.
At the same time, the oracle updates the price to 505K USDC, and that update is executed before the mint transaction.
The user ends up paying 5K more than expected. Note that the refund is computed from the price read at mint time, and the oracle has just raised that price, so the user is refunded only 5K and actually pays 505K USDC.
Users may pay more than expected when minting a RAACNFT due to the lack of slippage protection. Since the mint would have to be preceded by an oracle price update in the same window, and the oracle is trusted, the chance of a user overpaying is low, but it is still possible.
Add slippage protection to the mint function, for example an extra argument carrying the maximum price the caller is willing to pay, and revert when the price read inside the call exceeds it.
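The following is an added illustration written for this finding, not the RAAC code base. It shows the mint pattern the finding describes (caller transfers an amount and is refunded the excess over the oracle price) beside a hardened variant that takes a caller-supplied maximum price. The oracle interface, the `tokenToHousePrice()` name, the contract name and the error names are assumptions; the OpenZeppelin `ERC721` and `SafeERC20` imports are assumed to be installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example for this finding, not the project's code.
// Assumptions: OpenZeppelin is available; the oracle exposes
// tokenToHousePrice(); all contract, function and error names are made up.
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Hypothetical price feed that a trusted oracle keeps up to date.
interface IHousePriceOracle {
    function tokenToHousePrice(uint256 tokenId) external view returns (uint256);
}

contract SlippageProtectedHouseNFT is ERC721 {
    using SafeERC20 for IERC20;

    IERC20 public immutable payToken;          // e.g. USDC
    IHousePriceOracle public immutable oracle;

    error HousePriceZero(uint256 tokenId);
    error InsufficientFunds(uint256 price, uint256 amount);
    error PriceAboveMax(uint256 price, uint256 maxPrice);

    event NFTMinted(address indexed minter, uint256 indexed tokenId, uint256 pricePaid);

    constructor(IERC20 _payToken, IHousePriceOracle _oracle) ERC721("House", "HOUSE") {
        payToken = _payToken;
        oracle = _oracle;
    }

    /// Pattern described in the finding: the caller hands over `amount` and is
    /// refunded whatever exceeds the price read *inside this call*. If the
    /// oracle moves the price between the caller's decision and the mint, the
    /// caller silently pays the new price, up to the full `amount`.
    function mintUnprotected(uint256 tokenId, uint256 amount) external {
        uint256 price = oracle.tokenToHousePrice(tokenId);
        if (price == 0) revert HousePriceZero(tokenId);
        if (price > amount) revert InsufficientFunds(price, amount);

        payToken.safeTransferFrom(msg.sender, address(this), amount);
        _safeMint(msg.sender, tokenId);

        // Refund is computed from the *current* price, so a price increase
        // that landed before this tx simply shrinks the refund.
        if (amount > price) payToken.safeTransfer(msg.sender, amount - price);
        emit NFTMinted(msg.sender, tokenId, price);
    }

    /// Hardened variant: the caller states the most it is willing to pay.
    /// A price update that lands before this tx makes it revert instead of
    /// consuming the extra approval. Only `price` is pulled, so no refund leg
    /// is needed, which also removes one external call.
    function mint(uint256 tokenId, uint256 maxPrice) external {
        uint256 price = oracle.tokenToHousePrice(tokenId);
        if (price == 0) revert HousePriceZero(tokenId);
        if (price > maxPrice) revert PriceAboveMax(price, maxPrice);

        payToken.safeTransferFrom(msg.sender, address(this), price);
        _safeMint(msg.sender, tokenId);
        emit NFTMinted(msg.sender, tokenId, price);
    }
}
```

With the figures from the scenario above, a caller who saw 500K USDC and calls `mint(tokenId, 500_000e6)` has the transaction revert with `PriceAboveMax(505_000e6, 500_000e6)` once the oracle update has landed, instead of paying 505K out of a 510K approval. The caller can still opt into some tolerance by passing a higher `maxPrice`, but the ceiling is now explicit rather than implied by the size of the approval.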