Submission Details
Severity:
Funds will be stucked inside RAACNFT when mint function is called.
Vulnerability Details
No function inside RAACNFT to withdraw funds deposited by the user while minting houseNFT.
Impact
When a user wants to mint a houseNFT, he calls RAACNFT::mint. Inside this function we are transferring the price of nft from msg.sender to RAACNFT contract. There is no function to withdraw these funds, so these funds will be stuck inside the contract.
Tools Used
Manual Review
Recommendations
Implement a permissioned function to withdraw these funds.
Updates
Lead Judging Commences
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
RAACNFT collects payment for NFT minting but lacks withdrawal functionality, permanently locking all tokens in the contract
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
RAACNFT collects payment for NFT minting but lacks withdrawal functionality, permanently locking all tokens in the contract
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.