Submission Details
Severity:
RAACNFT contract will cause tokens to be stuck due to lack of rescue mechanism
Summary
The RAACNFT contract allows end users to purchase NFTs by transferring a specified token. However, there is no token rescue mechanism implemented in the RAACNFT contract, meaning tokens will be stuck there permanently.
Vulnerability Details
When users purchase an NFT, they need to transfer the corresponding amount of token to RAACNFT contract:
token.safeTransferFrom(msg.sender, address(this), _amount);
However, there is no withdrawal method implemented in the contract. As a result, all paid tokens will be stuck in the RAACNFT contract indefinitely.
Impact
All tokens will be stuck at the NFT contract.
Tools Used
Manual Review
Recommendations
Implement a token rescue mechanism
Updates
Lead Judging Commences
inallhonesty about 2 months ago
Submission Judgement Published Assigned finding tags:
RAACNFT collects payment for NFT minting but lacks withdrawal functionality, permanently locking all tokens in the contract
inallhonesty about 2 months ago
Submission Judgement Published Assigned finding tags:
RAACNFT collects payment for NFT minting but lacks withdrawal functionality, permanently locking all tokens in the contract
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.