Eggstravaganza

First Flight #37
Beginner Friendly
Solidity
100 EXP
Submission Details
Severity: high
Valid

Missing Initialization Check in EggVault.depositEgg

Summary

The depositEgg function in EggVault.sol is public and can be called by anyone, potentially allowing a malicious actor to claim ownership of a deposited egg. We need to add another "require" line so that only the gameContract can call depositEgg.

Vulnerability Details

As written, anybody can call depositEgg directly. The function only verifies that the NFT is owned by the vault and that the NFT is not already deposited.

Impact

Potential NFT theft, loss of game integrity, and reputational damage.

Tools Used

Manual code review

Recommendations

Adjust access control: Add the below "require" line within the depositEgg function so that this function can ONLY be called through the gameContract and not directly.

function depositEgg(uint256 tokenId, address depositor) public {
    // Add this require line below to the function
    require(msg.sender == gameContract, "Only game contract can deposit");
    require(eggNFT.ownerOf(tokenId) == address(this), "NFT not transferred to vault");
    require(!storedEggs[tokenId], "Egg already deposited");
    storedEggs[tokenId] = true;
    eggDepositors[tokenId] = depositor;
    emit EggDeposited(depositor, tokenId);
}

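A regression test for the recommended check, added here as an example and not taken from the submission or the project's code. It assumes a Foundry project with forge-std installed; MockEggNFT, HardenedVault and the three test addresses are constructed stand-ins that mirror only the fields visible in the snippet above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Constructed stand-in for the egg NFT: only the ownerOf lookup the vault uses.
contract MockEggNFT {
    mapping(uint256 => address) public ownerOf;
    function setOwner(uint256 tokenId, address to) external { ownerOf[tokenId] = to; }
}
// Constructed stand-in for the vault, with the recommended caller check applied.
contract HardenedVault {
    MockEggNFT public eggNFT;
    address public gameContract;
    mapping(uint256 => bool) public storedEggs;
    mapping(uint256 => address) public eggDepositors;
    event EggDeposited(address depositor, uint256 tokenId);
    constructor(MockEggNFT nft, address game) { eggNFT = nft; gameContract = game; }
    function depositEgg(uint256 tokenId, address depositor) public {
        require(msg.sender == gameContract, "Only game contract can deposit");
        require(eggNFT.ownerOf(tokenId) == address(this), "NFT not transferred to vault");
        require(!storedEggs[tokenId], "Egg already deposited");
        storedEggs[tokenId] = true;
        eggDepositors[tokenId] = depositor;
        emit EggDeposited(depositor, tokenId);
    }
}

contract DepositEggAccessTest is Test {
    address internal constant GAME = address(0x6A3E);     // constructed test address
    address internal constant PLAYER = address(0xB0B);    // constructed test address
    address internal constant OUTSIDER = address(0xBAD);  // constructed test address
    MockEggNFT nft;
    HardenedVault vault;
    function setUp() public {
        nft = new MockEggNFT();
        vault = new HardenedVault(nft, GAME);
        nft.setOwner(1, address(vault)); // egg 1 has been transferred to the vault, not yet recorded
    }
    // A caller other than the game contract must not be able to record itself as depositor.
    function test_DirectCallIsRejected() public {
        vm.prank(OUTSIDER);
        vm.expectRevert(bytes("Only game contract can deposit"));
        vault.depositEgg(1, OUTSIDER);
    }
    // The game contract can still record the real depositor.
    function test_GameContractRecordsDepositor() public {
        vm.prank(GAME);
        vault.depositEgg(1, PLAYER);
        assertEq(vault.eggDepositors(1), PLAYER);
    }
}
```

Removing the first require from HardenedVault makes test_DirectCallIsRejected fail, which is the behaviour this finding reports.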
Updates

Lead Judging Commences

m3dython Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Frontrunning Vulnerability DepositEgg

Front-running depositEgg allows deposit ownership hijacking.
