Eggstravaganza
First Flight #37
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: high
Invalid

No Ownership Check in depositEgg()

m0x01

Summary

Assumes NFT was transferred before calling, but no enforcement.

Vulnerability Details

see depositEgg() for details

Impact

Tools Used

Recommendations

see here for fix snippet

function depositEgg(uint256 tokenId) external {

require(eggNFT.ownerOf(tokenId) == msg.sender, "Not NFT owner");

eggNFT.transferFrom(msg.sender, address(this), tokenId); // Move NFT first

storedEggs[tokenId] = true;
eggDepositors[tokenId] = msg.sender;

emit EggDeposited(msg.sender, tokenId);

}

Updates

Lead Judging Commences

m3dython Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Too generic

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.