Eggstravaganza

First Flight #37
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: high
Valid

[H-1] `EggVault:depositEgg` has no access control.

Description: Anyone can call `EggVault:depositEgg` and pass any address they want as the depositor.

Impact: If someone transfers an NFT to the `EggVault` but does not call `depositEgg` in the same transaction, anybody can call the function with their own address as the depositor and then withdraw that NFT from the `EggVault`.

Recommended Mitigation: Change the `depositEgg` logic so that the NFT transfer and the update of the `eggDepositors` mapping happen in one function, keyed on `msg.sender` rather than a caller-supplied address. The `storedEggs` mapping can also be removed if this logic is used.

```solidity
function depositEgg(uint256 tokenId) public {
    // The caller must currently hold the NFT; this replaces the trusted `depositor` argument.
    require(eggNFT.ownerOf(tokenId) == msg.sender, "You do not own this NFT");
    // Pull the NFT and record the depositor in the same transaction, so there is no window to hijack.
    eggNFT.transferFrom(msg.sender, address(this), tokenId);
    eggDepositors[tokenId] = msg.sender;
    emit EggDeposited(msg.sender, tokenId);
}
```
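To check that the mitigation actually closes the gap, the following Foundry test is an added example (not code from the Eggstravaganza project or this submission). It assumes Foundry with forge-std and OpenZeppelin installed; `MockEggNFT` stands in for the real egg NFT, and `HardenedEggVault` is a reconstruction that applies the recommended `depositEgg` logic.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";

// Assumed stand-in for the egg NFT: a plain ERC721 with an open mint for test setup.
contract MockEggNFT is ERC721 {
    constructor() ERC721("Egg", "EGG") {}
    function mint(address to, uint256 id) external { _mint(to, id); }
}

// Vault reconstructed with the mitigation: transfer and record depositor in one call.
contract HardenedEggVault {
    ERC721 public immutable eggNFT;
    mapping(uint256 => address) public eggDepositors;
    event EggDeposited(address indexed depositor, uint256 indexed tokenId);
    constructor(ERC721 nft) { eggNFT = nft; }
    function depositEgg(uint256 tokenId) public {
        require(eggNFT.ownerOf(tokenId) == msg.sender, "You do not own this NFT");
        eggNFT.transferFrom(msg.sender, address(this), tokenId);
        eggDepositors[tokenId] = msg.sender;
        emit EggDeposited(msg.sender, tokenId);
    }
}

contract EggVaultDepositTest is Test {
    MockEggNFT nft;
    HardenedEggVault vault;
    address alice = makeAddr("alice");     // legitimate NFT holder
    address mallory = makeAddr("mallory"); // unrelated account
    function setUp() public {
        nft = new MockEggNFT();
        vault = new HardenedEggVault(nft);
        nft.mint(alice, 1);
    }
    // The holder deposits and is recorded as depositor without passing any address.
    function test_OwnerDepositRecordsSelfAsDepositor() public {
        vm.startPrank(alice);
        nft.approve(address(vault), 1);
        vault.depositEgg(1);
        vm.stopPrank();
        assertEq(nft.ownerOf(1), address(vault));
        assertEq(vault.eggDepositors(1), alice);
    }
    // An account that does not hold the NFT cannot register itself as depositor.
    function test_NonOwnerCannotClaimDeposit() public {
        vm.prank(mallory);
        vm.expectRevert(bytes("You do not own this NFT"));
        vault.depositEgg(1);
    }
}
```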
Updates

Lead Judging Commences

m3dython Lead Judge 8 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Frontrunning Vulnerability DepositEgg

Front-running depositEgg allows deposit ownership hijacking.
