Submission Details
Severity:
EggVault referenced NFT change
Summary
The EggVault referenced NFT can be changed.
Vulnerability Details
The relevant EggVault contract code is:
contract EggVault is Ownable {
/// @notice Reference to the EggstravaganzaNFT contract.
EggstravaganzaNFT public eggNFT;
// ...
constructor()Ownable(msg.sender){}
/// @notice Set the NFT contract address.
function setEggNFT(address _eggNFTAddress) external onlyOwner {
require(_eggNFTAddress != address(0), "Invalid NFT address");
eggNFT = EggstravaganzaNFT(_eggNFTAddress);
}
As currently implemented this allows the setEggNFT(address) to be called at any time (by the owner) allowing for the NFT to be modified after eggs were deposited.
Impact
Changing the NFT could result in all the deposited eggs being locked in the vault.
Tools Used
Manual review
Recommendations
Where the NFT is known at creation time, pass the value in through the constructor.
constructor(address _eggNFTAddress) Ownable(msg.sender){
eggNFT = EggstravaganzaNFT(_eggNFTAddress);
}
/// @notice Set the NFT contract address.
function setEggNFT(address _eggNFTAddress) external onlyOwner {
require(_eggNFTAddress != address(0), "Invalid NFT address");
eggNFT = EggstravaganzaNFT(_eggNFTAddress);
}
Remove the
setEggNFT(address)function
Rewards breakdown
nSLOC
129This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.