The requestMintWeatherNFT function allows users to send ETH to the contract to pay for minting an NFT. The contract lacks a mechanism to withdraw these funds, causing all received ETH to be permanently locked.
Likelihood:
Users send ETH with every mint request, as required by the contract.
The absence of a withdrawal function ensures funds remain locked after each transaction.
Impact:
Permanent loss of ETH (e.g., 1 ETH per mint) for the project owner.
Reduced user trust due to inaccessible fees, potentially deterring participation.
User calls requestMintWeatherNFT with msg.value = s_currentMintPrice.
ETH is stored in the contract, but no function allows withdrawal.
Add a withdrawal function:
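One way to write such a function, as an added example that is not the submission's or the project's own code. Only requestMintWeatherNFT and s_currentMintPrice come from the finding; the contract name WeatherNftFees, i_owner, the error and event names, the price value and the reduced mint body are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example. Hypothetical names: WeatherNftFees, i_owner, all errors and
// the event. The mint path is reduced to the payment check (assumption).
contract WeatherNftFees {
    error NotOwner();
    error WrongMintPrice(uint256 sent, uint256 required);
    error ZeroAddress();
    error NothingToWithdraw();
    error WithdrawFailed();

    event FeesWithdrawn(address indexed to, uint256 amount);

    address private immutable i_owner;
    uint256 public s_currentMintPrice = 0.01 ether; // constructed value

    constructor() {
        i_owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != i_owner) revert NotOwner();
        _;
    }

    // Payment path from the finding: every call leaves msg.value in the contract.
    function requestMintWeatherNFT() external payable {
        if (msg.value != s_currentMintPrice) {
            revert WrongMintPrice(msg.value, s_currentMintPrice);
        }
    }

    // The missing piece: an owner-only sweep of the accumulated mint fees.
    function withdraw(address payable to) external onlyOwner {
        if (to == address(0)) revert ZeroAddress();
        uint256 amount = address(this).balance;
        if (amount == 0) revert NothingToWithdraw();
        // Check the result of the low-level call so a failed transfer
        // reverts instead of silently leaving the fees in the contract.
        (bool ok, ) = to.call{value: amount}("");
        if (!ok) revert WithdrawFailed();
        emit FeesWithdrawn(to, amount);
    }
}
```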
The contract collects funds for minting a WeatherNFT, but there is no function that allows the owner to withdraw these funds.