Eggstravaganza

First Flight #37
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: high
Valid

Lack of Access Control in `EggVault::depositEgg(uint256 tokenId, address depositor)`

Description:
The `depositEgg(uint256 tokenId, address depositor)` function in the `EggVault` contract lacks access control, allowing any user to call it and deposit eggs on behalf of others. This could lead to unauthorized deposits, potentially causing confusion or misuse of the contract. If this isn't intended, you should restrict access.

Impact:
Unauthorized users could manipulate the state of the contract by depositing eggs without proper permissions, leading to potential misuse or unexpected behavior.

Proof of Concept:

```solidity
// Vulnerable: `public` with no caller check, and `depositor` is caller-supplied.
function depositEgg(uint256 tokenId, address depositor) public {
    require(eggNFT.ownerOf(tokenId) == address(this), "NFT not transferred to vault");
    require(!storedEggs[tokenId], "Egg already deposited");
    storedEggs[tokenId] = true;
    eggDepositors[tokenId] = depositor;
    emit EggDeposited(depositor, tokenId);
}
```

Recommended Mitigation:
Restrict access to the `depositEgg` function by adding an appropriate access control modifier, such as `onlyContract` or a custom role-based modifier. For example:

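```solidity
// `onlyContract` must be defined in the vault to restrict the caller.
function depositEgg(uint256 tokenId, address depositor) external onlyContract {
    require(eggNFT.ownerOf(tokenId) == address(this), "Invalid owner");
    // Keep the original double-deposit guard so an existing record is not overwritten.
    require(!storedEggs[tokenId], "Egg already deposited");
    storedEggs[tokenId] = true;
    eggDepositors[tokenId] = depositor;
    emit EggDeposited(depositor, tokenId);
}
```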

Alternatively, implement role-based access control using OpenZeppelin's `AccessControl` library so that only specific roles can call this function.
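One way to define the `onlyContract` modifier named in the mitigation, as an added example that is not the project's own code. The contract name, `owner`, `gameContract`, `setGameContract`, the `IEggNFT` interface and the event's `indexed` field are hypothetical, and it assumes the game contract transfers the NFT and calls `depositEgg` in the same transaction, passing its own `msg.sender` as `depositor`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal slice of ERC-721 needed by the vault (hypothetical interface name).
interface IEggNFT {
    function ownerOf(uint256 tokenId) external view returns (address);
}

// Added example: names not shown on the page are assumptions.
contract RestrictedEggVault {
    IEggNFT public immutable eggNFT;
    address public immutable owner;
    address public gameContract; // the only caller allowed to record deposits

    mapping(uint256 => bool) public storedEggs;
    mapping(uint256 => address) public eggDepositors;

    event EggDeposited(address indexed depositor, uint256 tokenId);
    event GameContractSet(address indexed gameContract);

    constructor(address nft) {
        require(nft != address(0), "Invalid NFT address");
        eggNFT = IEggNFT(nft);
        owner = msg.sender;
    }

    // Rejects every caller except the registered game contract.
    modifier onlyContract() {
        require(msg.sender == gameContract, "Caller is not the game contract");
        _;
    }

    function setGameContract(address game) external {
        require(msg.sender == owner, "Not owner");
        require(game.code.length > 0, "Game must be a contract");
        gameContract = game;
        emit GameContractSet(game);
    }

    function depositEgg(uint256 tokenId, address depositor) external onlyContract {
        require(depositor != address(0), "Invalid depositor");
        require(eggNFT.ownerOf(tokenId) == address(this), "NFT not transferred to vault");
        require(!storedEggs[tokenId], "Egg already deposited");
        storedEggs[tokenId] = true;
        eggDepositors[tokenId] = depositor;
        emit EggDeposited(depositor, tokenId);
    }
}
```

With the caller pinned to one contract, the `depositor` value is only as trustworthy as that contract's logic, so the game contract should derive it from its own `msg.sender` rather than from user input.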

Updates

Lead Judging Commences

m3dython Lead Judge 8 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Frontrunning Vulnerability DepositEgg

Front-running depositEgg allows deposit ownership hijacking.
