The burn() function in the BidBeasts_NFT_ERC721.sol contract is publicly accessible and contains no authorization check to verify that the caller owns the token or has been approved to burn it. This missing access control is a critical vulnerability in digital asset management: any caller can permanently destroy any NFT owned by another user. The root cause is a design flaw in the function itself, which omits permission validation before executing an irreversible, destructive action.
· Impact: High. Unauthorized destruction of NFTs leads to irreversible loss for legitimate owners. This directly compromises protocol integrity, user asset security, and can result in direct financial losses as well as major trust erosion in the platform.
· Likelihood: High. Exploitation of this vulnerability is straightforward and requires no special conditions. An attacker can interact with this function at any time to target any existing token, making the attack occurrence highly probable.
The following Foundry test demonstrates how an attacker can successfully burn an NFT belonging to another user:
Result:
[PASS] test_anyoneCanBurnOthersNFT() (gas: 76424)
Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 4.39ms (259.54µs CPU time)
The burn() function must be modified to enforce strict authorization: verify that the caller is the token's owner, or explicitly check that the caller has been approved for the token, before burning it.
A more robust, standards-aligned alternative is to inherit from OpenZeppelin's ERC721Burnable contract, whose burn() already requires the caller to be either the owner or an approved address.
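As an added example (not the submission's own PoC or corrected code), the unauthorized burn pattern beside the two hardened versions described above, with a Foundry test that pins the fix. It assumes OpenZeppelin Contracts v5 and forge-std; UnsafeBurnNFT is an assumed reconstruction of the vulnerable pattern, not the BidBeasts contract.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {ERC721Burnable} from "@openzeppelin/contracts/token/ERC721/extensions/ERC721Burnable.sol";
import {Test} from "forge-std/Test.sol";

// Assumed shape of the vulnerable pattern (not the contest contract itself):
// burn() is external and calls _burn() with no check on msg.sender.
contract UnsafeBurnNFT is ERC721 {
    constructor() ERC721("UnsafeBurn", "UB") {}
    function mint(address to, uint256 id) external { _mint(to, id); } // unrestricted, demo only
    function burn(uint256 id) external { _burn(id); }                  // any caller can destroy any token
}

// Fix 1: explicit check. In OpenZeppelin v5, _isAuthorized() is true for the owner,
// the approved address and approved operators; ownerOf() reverts for a non-existent id.
contract SafeBurnNFT is ERC721 {
    error NotAuthorizedToBurn(address caller, uint256 id);
    constructor() ERC721("SafeBurn", "SB") {}
    function mint(address to, uint256 id) external { _mint(to, id); } // unrestricted, demo only
    function burn(uint256 id) external {
        if (!_isAuthorized(ownerOf(id), msg.sender, id)) revert NotAuthorizedToBurn(msg.sender, id);
        _burn(id);
    }
}

// Fix 2: inherit ERC721Burnable. Its burn() calls _update(address(0), id, _msgSender()),
// which reverts with ERC721InsufficientApproval unless the caller is authorized.
contract BurnableNFT is ERC721, ERC721Burnable {
    constructor() ERC721("Burnable", "BN") {}
    function mint(address to, uint256 id) external { _mint(to, id); } // unrestricted, demo only
}

// Foundry regression test for Fix 1: a stranger's burn must revert and ownership must survive.
contract BurnAuthTest is Test {
    address alice = makeAddr("alice");
    address mallory = makeAddr("mallory");

    function test_safeBurnRejectsStranger() public {
        SafeBurnNFT nft = new SafeBurnNFT();
        nft.mint(alice, 1);
        vm.prank(mallory);
        vm.expectRevert(abi.encodeWithSelector(SafeBurnNFT.NotAuthorizedToBurn.selector, mallory, 1));
        nft.burn(1);
        assertEq(nft.ownerOf(1), alice); // token still belongs to alice
    }
}
```

The same test body run against BurnableNFT reverts with ERC721InsufficientApproval(mallory, 1), so either fix closes the finding.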
Here's the corrected code:
In the BidBeasts ERC721 implementation, the burn function is publicly accessible, allowing any external user to burn NFTs they do not own. This exposes all tokens to unauthorized destruction and results in permanent asset loss.