Eggstravaganza

First Flight #37
Severity: medium
Valid

Users could lose their NFTs after the NFT address is changed in the vault contract

Summary

If the vault owner changes the address of the NFT contract, users can no longer withdraw their NFTs from the vault. In addition, new users cannot deposit an NFT into the vault if an NFT with the same ID was already deposited previously (from the old NFT contract).

Vulnerability Details

As we can see, the address of the NFT contract is set not in the constructor but in the function setEggNFT, so the owner can change the NFT address at any time.

The withdrawEgg function in the vault uses the current NFT contract, which is stored in the eggNFT variable.

function withdrawEgg(uint256 tokenId) public {
    ...
    eggNFT.transferFrom(address(this), msg.sender, tokenId);
    emit EggWithdrawn(msg.sender, tokenId);
}

If the owner has changed the contract address, users cannot receive their NFTs, because the vault calls the new NFT contract and does not hold that contract's NFTs on its balance.

Impact

  1. Users cannot withdraw their NFTs from the vault.

  2. Users of the new NFT contract cannot deposit their NFTs if the same ID has already been deposited.

Tools Used

Manual review

Recommendations

Store the NFT contract address when a user deposits an NFT in the vault.
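
One way to apply this recommendation, as an added sketch that is not the project's code: deposits are keyed by (NFT contract, tokenId), so setEggNFT only affects future deposits and the same ID from a new collection does not collide with an old one. The contract name EggVaultPerCollection, the IERC721Minimal interface, the pull-based depositEgg, the EggDeposited event, the ^0.8.20 pragma and the extra nft parameter on withdrawEgg and EggWithdrawn are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-721 surface the vault needs (assumed interface, avoids an external import).
interface IERC721Minimal {
    function transferFrom(address from, address to, uint256 tokenId) external;
}

// Hypothetical hardened vault: every deposit is keyed by (NFT contract, tokenId).
contract EggVaultPerCollection {
    address public immutable owner;
    IERC721Minimal public eggNFT; // collection accepted for NEW deposits only

    // NFT contract => tokenId => depositor (address(0) means "not stored")
    mapping(address => mapping(uint256 => address)) public eggDepositors;

    event EggDeposited(address indexed nft, address indexed depositor, uint256 tokenId);
    event EggWithdrawn(address indexed nft, address indexed depositor, uint256 tokenId);

    constructor(address nft) {
        require(nft != address(0), "Invalid NFT address");
        owner = msg.sender;
        eggNFT = IERC721Minimal(nft);
    }

    // Changing the collection no longer affects eggs that are already stored.
    function setEggNFT(address nft) external {
        require(msg.sender == owner, "Not owner");
        require(nft != address(0), "Invalid NFT address");
        eggNFT = IERC721Minimal(nft);
    }

    // Pulls the egg from the caller, who must own it and have approved the vault.
    function depositEgg(uint256 tokenId) external {
        address nft = address(eggNFT);
        require(eggDepositors[nft][tokenId] == address(0), "Egg already deposited");
        eggDepositors[nft][tokenId] = msg.sender; // record the collection with the deposit
        eggNFT.transferFrom(msg.sender, address(this), tokenId);
        emit EggDeposited(nft, msg.sender, tokenId);
    }

    // The caller names the collection the egg came from; the current eggNFT is not consulted.
    function withdrawEgg(address nft, uint256 tokenId) external {
        require(eggDepositors[nft][tokenId] == msg.sender, "Not the depositor");
        delete eggDepositors[nft][tokenId]; // clear state before the external call
        IERC721Minimal(nft).transferFrom(address(this), msg.sender, tokenId);
        emit EggWithdrawn(nft, msg.sender, tokenId);
    }
}
```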

Updates

Lead Judging Commences

m3dython Lead Judge about 2 months ago
Submission Judgement Published
Validated
Assigned finding tags:

State corruption

Changing the NFT contract address doesn't update the storedEggs and eggDepositors mappings
