Eggstravaganza
First Flight #37
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

Vault deposit mechanism lacks incentives or utility

0xnbvc

Vulnerability Details

The EggVault contract allows users to deposit their EggstravaganzaNFT tokens via the depositEgg function. However, the contract provides no associated benefits, rewards, or functionalities unlocked by depositing the egg; it merely holds the NFT.

/// @notice Records the deposit of an egg (NFT).
/// The NFT must already have been transferred to the vault.
//@audit-issue depositing an egg in the vault won't give any benefit to the user, it's useless
function depositEgg(uint256 tokenId, address depositor) public {
require(eggNFT.ownerOf(tokenId) == address(this), "NFT not transferred to vault");
require(!storedEggs[tokenId], "Egg already deposited");
storedEggs[tokenId] = true;
eggDepositors[tokenId] = depositor;
emit EggDeposited(depositor, tokenId);
}

Impact

Users may waste gas depositing and withdrawing their NFTs into the vault under the mistaken assumption that there is a benefit, leading to user frustration and unnecessary blockchain interactions.

Recommendation

Either remove the vault deposit/withdraw functionality entirely or implement a clear incentive or utility connected to depositing eggs in the vault.

Updates

Lead Judging Commences

m3dython Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.