Severity: high
Invalid

NFT is Burned Instead of Transferred to the New Owner In buyOutEstateNFT()

Summary

The buyOutEstateNFT() function burns the NFT after a buyout instead of transferring it to the buyer. This results in the estate having no registered owner, even though the buyer has paid for it.

Vulnerability Details

Affected code:

Example:

  1. Assume an estate NFT is worth 100,000 USDC.

  2. A beneficiary buys out the NFT, paying 66,666 USDC to other beneficiaries.

  3. Instead of the buyer receiving ownership, the NFT is burned.

  4. The buyer has no on-chain proof of ownership of the estate.

Impact

  • The buyer does not receive the NFT, meaning their ownership is not recorded on-chain.

  • The estate may become unrecoverable or lead to inconsistencies in tracking ownership.

  • The intent of the buyout process is broken, as the estate should now belong to the buyer, not be removed from circulation.

Tools Used

  • Manual review

Recommendations

Instead of burning the NFT, transfer it to the beneficiary (msg.sender), the rightful new owner.

function buyOutEstateNFT(uint256 _nftID) external onlyBeneficiaryWithIsInherited {
    ...
    // Hand the estate NFT to the buyer instead of burning it.
    nft.safeTransferFrom(address(this), msg.sender, _nftID);
}
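
The two settlement paths side by side, as an added sketch that is not the audited contract's code: after a burn, ownerOf reverts for the estate id, while after a transfer it resolves to the buyer. The contract name, function names and the buyoutCost formula are assumptions, the formula chosen to reproduce the report's 66,666 USDC figure; token payments are not modelled.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited contract: a minimal estate ledger with
// hypothetical names, modelling only the ownership record (no ERC-20 payment).
contract EstateLedgerSketch {
    mapping(uint256 => address) private _ownerOf; // estate NFT id -> holder
    mapping(address => bool) public isBeneficiary;
    address[] public beneficiaries;
    event Transfer(address indexed from, address indexed to, uint256 indexed id);

    constructor(address[] memory heirs, uint256 id) {
        for (uint256 i = 0; i < heirs.length; i++) {
            isBeneficiary[heirs[i]] = true;
            beneficiaries.push(heirs[i]);
        }
        _ownerOf[id] = address(this); // estate starts in the contract's custody
    }

    // ERC-721 semantics: querying a burned or unminted id reverts.
    function ownerOf(uint256 id) public view returns (address owner) {
        owner = _ownerOf[id];
        require(owner != address(0), "no owner: burned or never minted");
    }

    // Assumed formula: what the buyer owes the other heirs. With value
    // 100_000e6 and 3 heirs this is (100_000e6 / 3) * 2, about 66,666 USDC.
    function buyoutCost(uint256 value) public view returns (uint256) {
        uint256 n = beneficiaries.length;
        return (value / n) * (n - 1);
    }

    // Behaviour the report describes: the record is deleted after the buyout.
    function settleByBurn(uint256 id) external {
        require(isBeneficiary[msg.sender], "not a beneficiary");
        require(ownerOf(id) == address(this), "not in custody");
        delete _ownerOf[id];
        emit Transfer(address(this), address(0), id);
    }

    // Behaviour the report recommends: the record is reassigned to the buyer.
    function settleByTransfer(uint256 id) external {
        require(isBeneficiary[msg.sender], "not a beneficiary");
        require(ownerOf(id) == address(this), "not in custody");
        _ownerOf[id] = msg.sender;
        emit Transfer(address(this), msg.sender, id);
    }
}
```
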
Updates

Lead Judging Commences

0xtimefliez Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
