Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Invalid

In RAACNFT.sol, no function exists to support batch minting

Summary

As defined in the documentation, RAACNFT.sol allows for batch minting of NFTs. However, the contract has no function that supports batch minting at all. The existing mint function only supports minting a single NFT.

Vulnerability Details

In the RAACNFT.sol contract, the mint function only handles single NFT minting:

    function mint(uint256 _tokenId, uint256 _amount) public override {
        uint256 price = raac_hp.tokenToHousePrice(_tokenId);
        if(price == 0) { revert RAACNFT__HousePrice(); }
        if(price > _amount) { revert RAACNFT__InsufficientFundsMint(); }
        // transfer erc20 from user to contract - requires pre-approval from user
        token.safeTransferFrom(msg.sender, address(this), _amount);
        // mint tokenId to user
        _safeMint(msg.sender, _tokenId);
        // If user approved more than necessary, refund the difference
        if (_amount > price) {
            uint256 refundAmount = _amount - price;
            token.safeTransfer(msg.sender, refundAmount);
        }
        emit NFTMinted(msg.sender, _tokenId, price);
    }

Additionally, the contract includes a function to add batches via addNewBatch(), but the added batches are not handled anywhere.

    function addNewBatch(uint256 _batchSize) public override onlyOwner {
        if (_batchSize == 0) revert RAACNFT__BatchSize();
        currentBatchSize += _batchSize;
    }

Impact

Core functionality of the protocol is broken because batch minting is not supported.

Tools Used

Manual

Recommendations

Write a function to handle batch minting. It is important to ensure that ownership of each minted NFT is managed well, since batch minting will mint NFTs to an array of addresses instead of a single address.
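
One way the recommended function could look, as an added example that is not RAACNFT's code or the submitter's: `BatchMintExample`, `batchMint`, `IHousePrices`, the error names and the OpenZeppelin v5 imports are assumptions, and `currentBatchSize` is left out because the page does not say how that counter is meant to be enforced. It prices the whole batch before moving funds, pulls the exact total instead of refunding, and guards the `_safeMint` receiver callbacks against reentrancy.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

// Hypothetical interface, modelled on the raac_hp.tokenToHousePrice call quoted above.
interface IHousePrices {
    function tokenToHousePrice(uint256 tokenId) external view returns (uint256);
}

// Illustrative contract (assumed names), not RAACNFT itself.
contract BatchMintExample is ERC721, ReentrancyGuard {
    using SafeERC20 for IERC20;

    IERC20 public immutable token;
    IHousePrices public immutable raac_hp;

    error HousePrice(uint256 tokenId);
    error InsufficientFundsMint();
    error LengthMismatch();
    event NFTMinted(address indexed minter, uint256 tokenId, uint256 price);

    constructor(IERC20 _token, IHousePrices _hp) ERC721("Example", "EX") {
        token = _token;
        raac_hp = _hp;
    }

    // Caller pays for every token; recipients[i] becomes the owner of tokenIds[i].
    // _amount is the maximum the caller is willing to spend on the whole batch.
    function batchMint(address[] calldata recipients, uint256[] calldata tokenIds, uint256 _amount)
        external nonReentrant
    {
        if (recipients.length != tokenIds.length) revert LengthMismatch();
        uint256[] memory prices = new uint256[](tokenIds.length);
        uint256 total;
        for (uint256 i = 0; i < tokenIds.length; i++) {
            prices[i] = raac_hp.tokenToHousePrice(tokenIds[i]);
            if (prices[i] == 0) revert HousePrice(tokenIds[i]); // unpriced token: reject whole batch
            total += prices[i];
        }
        if (total > _amount) revert InsufficientFundsMint();
        token.safeTransferFrom(msg.sender, address(this), total); // exact total, so no refund path
        for (uint256 i = 0; i < tokenIds.length; i++) {
            _safeMint(recipients[i], tokenIds[i]); // reverts on a duplicate or already-minted id
            emit NFTMinted(recipients[i], tokenIds[i], prices[i]);
        }
    }
}
```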

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
