No Access Control on depositEgg()
Summary
The depositEgg() function lacks access control, allowing anyone to call it, even if they did not transfer the NFT. This can lead to unauthorized deposits.
Vulnerability Details
The depositEgg() function is public and does not restrict access to only the intended caller (e.g., the EggHuntGame contract). This allows any address to call the function and deposit an NFT.
Impact
An attacker can front-run a legitimate deposit by calling depositEgg() with the same tokenId, causing them to falsely claim credit for the deposit and potentially steal NFTs.
Tools Used
Solidity
Access Control Vulnerability Detection
Recommendations
-
Restrict access to the
depositEgg()function, allowing only theEggHuntGamecontract to call it:address public gameContract;modifier onlyGame() {require(msg.sender == gameContract, "Not authorized");_;}function setGameContract(address _gameContract) external onlyOwner {require(_gameContract != address(0), "Invalid address");gameContract = _gameContract;}function depositEgg(uint256 tokenId, address depositor) public onlyGame {...}
This ensures that only the authorized EggHuntGame contract can invoke the depositEgg() function, mitigating the exploit.
Lead Judging Commences
Frontrunning Vulnerability DepositEgg
Front-running depositEgg allows deposit ownership hijacking.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.