Eggstravaganza

First Flight #37
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: high
Invalid

Unrestricted NFT Minting in `EggstravaganzaNFT`

Description:
The mintEgg() function in the EggstravaganzaNFT contract does not validate the uniqueness of the tokenId being minted or ensure that the recipient address is valid. This could lead to duplicate token IDs being minted or tokens being sent to the zero address, which would result in lost NFTs.

Impact:
High - Duplicate token IDs could compromise the integrity of the NFT collection, and minting to the zero address would result in irretrievable NFTs.

Proof of Concept:

```solidity
function mintEgg(address to, uint256 tokenId) external {
    // No checks for tokenId uniqueness or recipient validity
    _mint(to, tokenId);
}
```

Recommended Mitigation:
Update the mintEgg() function to include the following checks:

  1. Ensure the recipient address is not the zero address.

  2. Validate that the tokenId does not already exist.

```solidity
function mintEgg(address to, uint256 tokenId) external {
    require(to != address(0), "Invalid recipient");
    require(!_exists(tokenId), "Token already exists");
    _safeMint(to, tokenId); // Use _safeMint for added safety
    totalSupply += 1;
    emit EggMinted(to, tokenId); // Emit an event for transparency
}
```
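
Added example, not part of the submission or the contest code base: a Foundry test that exercises the two conditions the report names, plus the `_mint` versus `_safeMint` difference behind the recommended fix. It assumes the contract inherits OpenZeppelin's ERC721 and that forge-std is available (the page shows neither); `EggStandIn`, the test names and the addresses are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";

// Stand-in for the contract under review (assumption: it inherits
// OpenZeppelin's ERC721; the report does not show the inheritance).
contract EggStandIn is ERC721 {
    constructor() ERC721("Egg", "EGG") {}

    // Same body as the function quoted in the report.
    function mintEgg(address to, uint256 tokenId) external {
        _mint(to, tokenId);
    }
}

contract MintEggChecksTest is Test {
    EggStandIn internal nft;
    address internal alice = address(0xA11CE); // constructed sample address
    address internal bob = address(0xB0B); // constructed sample address

    function setUp() public {
        nft = new EggStandIn();
    }

    // Condition 1 from the report: recipient is the zero address.
    function test_MintToZeroAddressReverts() public {
        vm.expectRevert(); // OpenZeppelin v4 and v5 use different revert data
        nft.mintEgg(address(0), 1);
    }

    // Condition 2 from the report: tokenId already exists.
    function test_DuplicateTokenIdReverts() public {
        nft.mintEgg(alice, 1);
        vm.expectRevert();
        nft.mintEgg(bob, 1);
        assertEq(nft.ownerOf(1), alice); // first owner is unchanged
    }

    // _mint performs no onERC721Received check, so a contract that cannot
    // handle ERC721 tokens (this test contract) still receives the token.
    function test_MintToNonReceiverContractSucceeds() public {
        nft.mintEgg(address(this), 2);
        assertEq(nft.ownerOf(2), address(this));
    }
}
```

Under the stated assumption all three tests pass: OpenZeppelin's `_mint` itself reverts on a zero-address recipient and on an existing token id, while only `_safeMint` rejects a contract recipient that does not implement `onERC721Received`.
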
Updates

Lead Judging Commences

m3dython Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Too generic
