Eggstravaganza

First Flight #37
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: medium
Invalid

Missing Approval Check in depositEggToVault

Summary

The depositEggToVault() function in EggHuntGame does not verify, before calling transferFrom, that the game contract has been approved to transfer the player's NFT.

Vulnerability Details

The function attempts to transfer the NFT without first confirming that it holds the required approval:

    function depositEggToVault(uint256 tokenId) external {
        require(eggNFT.ownerOf(tokenId) == msg.sender, "Not owner of this egg");
        // The player must first approve the transfer on the NFT contract.
        eggNFT.transferFrom(msg.sender, address(eggVault), tokenId);
        eggVault.depositEgg(tokenId, msg.sender);
    }

The comment states "The player must first approve the transfer on the NFT contract", but there is no code that checks this condition.

Impact

If the player has not approved the transfer, the call fails inside transferFrom with the NFT contract's generic revert rather than a descriptive one from the game, leading to a poor user experience and potential confusion.

Tools Used

Code review

Recommendations

Add an explicit check for approval before calling transferFrom:

    function depositEggToVault(uint256 tokenId) external {
        require(eggNFT.ownerOf(tokenId) == msg.sender, "Not owner of this egg");
        require(
            eggNFT.getApproved(tokenId) == address(this) ||
                eggNFT.isApprovedForAll(msg.sender, address(this)),
            "Transfer not approved"
        );
        eggNFT.transferFrom(msg.sender, address(eggVault), tokenId);
        eggVault.depositEgg(tokenId, msg.sender);
    }
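The following is an added example, not code from the Eggstravaganza repository or from the submitter. It pairs the recommended check with a minimal ERC-721-style mock and a Foundry test so the behaviour can be observed locally. MinimalEggNFT, MinimalEggVault, EggHuntGameWithCheck and the test names are hypothetical; forge-std is assumed to be installed. The mock enforces the same authorisation rule as a standard ERC-721 transferFrom (caller must be the owner, the approved address, or an approved operator), which is the caveat worth noting: an unapproved transfer already reverts inside the NFT contract, so the extra require changes the revert reason, not who is able to move the egg.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical mock implementing only the ERC-721 calls the finding relies on.
contract MinimalEggNFT {
    mapping(uint256 => address) private _owner;
    mapping(uint256 => address) private _approved;
    mapping(address => mapping(address => bool)) private _operator;

    function mint(address to, uint256 tokenId) external {
        require(_owner[tokenId] == address(0), "already minted");
        _owner[tokenId] = to;
    }

    function ownerOf(uint256 tokenId) public view returns (address) {
        address o = _owner[tokenId];
        require(o != address(0), "nonexistent token");
        return o;
    }

    function getApproved(uint256 tokenId) public view returns (address) {
        return _approved[tokenId];
    }

    function isApprovedForAll(address owner, address op) public view returns (bool) {
        return _operator[owner][op];
    }

    function approve(address to, uint256 tokenId) external {
        require(msg.sender == ownerOf(tokenId), "not owner");
        _approved[tokenId] = to;
    }

    function setApprovalForAll(address op, bool ok) external {
        _operator[msg.sender][op] = ok;
    }

    // Standard ERC-721 rule: only owner, approved address or operator may move the token.
    function transferFrom(address from, address to, uint256 tokenId) external {
        address o = ownerOf(tokenId);
        require(from == o, "wrong from");
        require(
            msg.sender == o || msg.sender == _approved[tokenId] || _operator[o][msg.sender],
            "ERC721: caller is not token owner or approved"
        );
        delete _approved[tokenId];
        _owner[tokenId] = to;
    }
}

// Hypothetical vault that only records who deposited which egg.
contract MinimalEggVault {
    mapping(uint256 => address) public depositor;

    function depositEgg(uint256 tokenId, address player) external {
        depositor[tokenId] = player;
    }
}

// Game contract carrying the explicit approval check from the recommendation.
contract EggHuntGameWithCheck {
    MinimalEggNFT public eggNFT;
    MinimalEggVault public eggVault;

    constructor(MinimalEggNFT nft, MinimalEggVault vault) {
        eggNFT = nft;
        eggVault = vault;
    }

    function depositEggToVault(uint256 tokenId) external {
        require(eggNFT.ownerOf(tokenId) == msg.sender, "Not owner of this egg");
        // Approval must be granted to this contract, since it is the one calling transferFrom.
        require(
            eggNFT.getApproved(tokenId) == address(this) ||
                eggNFT.isApprovedForAll(msg.sender, address(this)),
            "Transfer not approved"
        );
        eggNFT.transferFrom(msg.sender, address(eggVault), tokenId);
        eggVault.depositEgg(tokenId, msg.sender);
    }
}

contract DepositApprovalTest is Test {
    MinimalEggNFT nft;
    MinimalEggVault vault;
    EggHuntGameWithCheck game;
    address player = address(0xBEEF); // constructed test address

    function setUp() public {
        nft = new MinimalEggNFT();
        vault = new MinimalEggVault();
        game = new EggHuntGameWithCheck(nft, vault);
        nft.mint(player, 1);
    }

    // Without approval the game now reverts with its own descriptive reason.
    function testRevertsWithClearMessageWhenNotApproved() public {
        vm.expectRevert(bytes("Transfer not approved"));
        vm.prank(player);
        game.depositEggToVault(1);
    }

    // With a per-token approval the deposit goes through and the vault records the player.
    function testDepositSucceedsAfterApprove() public {
        vm.startPrank(player);
        nft.approve(address(game), 1);
        game.depositEggToVault(1);
        vm.stopPrank();
        assertEq(nft.ownerOf(1), address(vault));
        assertEq(vault.depositor(1), player);
    }
}
```

Run with `forge test` in a project that has forge-std installed. The second test also passes if `nft.approve(address(game), 1)` is replaced by `nft.setApprovalForAll(address(game), true)`, which exercises the isApprovedForAll branch of the check.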
Updates

Lead Judging Commences

m3dython (Lead Judge), 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
