Weather Witness
First Flight #40
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Previous Next
Submission Details
Impact: low
Likelihood: high
Invalid

WeatherNFT Mint Event Privacy Vulnerability

rootkit677

WeatherNFT Mint Event Privacy Vulnerability

Overview

The WeatherNFTMintRequestSent event in the WeatherNFT contract exposes user addresses, creating privacy concerns and enabling potential front-running attac

Mitigation

  • Remove user address from event:

event WeatherNFTMintRequestSent(string pincode, string isoCode, bytes32 reqId);

  • Use pseudonymous identifiers:

event WeatherNFTMintRequestSent(bytes32 userHash, string pincode, string isoCode, bytes32 reqId);
Updates

Appeal created

bube Lead Judge 5 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.