Submission Details
Severity:
Locked crvUSD tokens in NFT's
Vulnerability Details
When users want to mint a certain id an RAACNFT he must deposit it's value in it and gets minted the NFT - RAACNFT.mint():
function mint(uint256 _tokenId, uint256 _amount) public override {
uint256 price = raac_hp.tokenToHousePrice(_tokenId);
if(price == 0) { revert RAACNFT__HousePrice(); }
if(price > _amount) { revert RAACNFT__InsufficientFundsMint(); }
// transfer erc20 from user to contract - requires pre-approval from user
token.safeTransferFrom(msg.sender, address(this), _amount);
// mint tokenId to user
_safeMint(msg.sender, _tokenId);
// If user approved more than necessary, refund the difference
if (_amount > price) {
uint256 refundAmount = _amount - price;
token.safeTransfer(msg.sender, refundAmount);
}
emit NFTMinted(msg.sender, _tokenId, price);
}
The problem is that there is no function to extract the locked funds. Hence when the Stability pool receives the NFT's upon liquidation their value will not be retrievable.
Impact
High, locked crvUSD, which means loss of funds for the protocol
Tools Used
Manual Review
Recommendations
Implement an access controlled, withdraw function to take out the crvUSD tokens.
Updates
Lead Judging Commences
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
RAACNFT collects payment for NFT minting but lacks withdrawal functionality, permanently locking all tokens in the contract
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
RAACNFT collects payment for NFT minting but lacks withdrawal functionality, permanently locking all tokens in the contract
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420
USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.