NFT values remain after burning, creating stale data and potential confusion
Summary
The buyOutEstateNFT function burns NFTs but does not update the corresponding values in the nftValue mapping. This creates stale data that persists after the NFT is destroyed, potentially leading to confusion about estate assets and their valuations.
Vulnerability Details
When a legitimate beneficiary buys out an NFT representing an estate asset, the function burns the NFT but does not clear its entry in the nftValue mapping
Impact
Misleading Information: Beneficiaries and trustees may believe certain assets still exist when they have been bought out and removed from the estate.
Inaccurate Valuation: The total value of the estate appears higher than it actually is due to including values for non-existent NFTs.
UI/Integration Problems: External interfaces may display incorrect information about estate assets.
Confusion During Inheritance: When calculating estate distribution, values from non-existent NFTs could be incorrectly included.
Combined with other vulns: When combined with other current vulnerabilities like the
return instead of continuebug in the function `buyOutEstateNFT' same nft might be sold multiple times
Tools Used
man review
Recommendations
track sold nfts
make a check of nft has been sold/exists before ofeering it for sale or making operation related to paying it out
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.