Users should be able to independently unstake their Rapper NFTs and retrieve them from protocol custody.
The specific issue is that unstake requires the module owner's signer for object::transfer, centralizing control and preventing user autonomy.
Likelihood:
High
A user attempts to unstake without module owner signing the tx.
Transaction requires module_owner signer, which users cannot provide.
Impact:
High
Users depend on centralized owner for asset retrieval.
Risk of denial of service or selective refusal by owner.
Call unstake without module_owner: aborts due to missing signer.
Owner must co-sign every unstake tx.
Recommenation to mitigate the observed vulnerability.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.