Eggstravaganza

First Flight #37

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

Anyone can call the `depositEgg` function to become the depositor of a transferred NFT

iamthesvn

Summary

The depositEgg function in the EggVault contract allows unauthorized users to claim ownership of NFTs by calling the function with their address as the depositor parameter. This leads to a vulnerability where anyone can become the recorded depositor of an NFT without actually owning it.

Vulnerability Details

The vulnerability arises from the depositEgg function which takes a depositor address as a parameter. The function does not check if the caller is the actual owner who transferred the NFT to the vault. If a user calls these functions in two different transactions, an attacker could front run the second transaction and claim he is the depositor as soon as the NFT is transferred to the vault. This allows any user to call the function with their address as the depositor, thereby recording themselves as the depositor of the NFT.

/// @notice Records the deposit of an egg (NFT).

/// The NFT must already have been transferred to the vault.

function depositEgg(uint256 tokenId, address depositor) public {

require(eggNFT.ownerOf(tokenId) == address(this), "NFT not transferred to vault");

require(!storedEggs[tokenId], "Egg already deposited");

storedEggs[tokenId] = true;

eggDepositors[tokenId] = depositor;

emit EggDeposited(depositor, tokenId);

}

Impact

This vulnerability allows malicious users to claim ownership of NFTs they do not own.

Tools Used

Manual review

Recommendations

Add a check to verify that the caller is the owner or an approved address for the NFT.

Updates

Lead Judging Commences

m3dython Lead Judge 8 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Frontrunning Vulnerability DepositEgg

Front-running depositEgg allows deposit ownership hijacking.

Rewards breakdown

nSLOC

129

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!