When the burnToMint function is enabled, any bad actor can transfer the nft-to-burn when it receives the newly minted nft, getting burned after he no longer is the owner. #1988
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-1597
partial-50
Incomplete articulation of vulnerability; eligible for partial credit only (50%)
Lines of code
https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/NextGenCore.sol#L220
Vulnerability details
Impact
Medium impact, it affects the functionality of the nfts with other contracts, as they wouldn't want to interact with tokens that could get burned.
Explanation
In the NextGenCore contract, the burnToMint function has the minting of the new nft, which makes an external call via _safeMint, before the burning of the nft-to-burn. This allows any bad actor to transfer the nft to a victim contract without the victim contract being able to stop the _burn from happening.
Recommended Mitigation Steps
Make the mint of the nft in burnToMint happen after the burning of the nft that gives access to the mint.
Assessed type
Token-Transfer
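The ordering issue and the recommended fix, shown as an added Python model that is not part of the original report and is not NextGenCore's code. The class, the method names other than those quoted from the report, the addresses and the token ids are constructed, and the model assumes the internal burn does not re-check ownership.

```python
# Simplified model of an ERC-721 collection (constructed; not NextGenCore's code).
class Token721:
    def __init__(self):
        self.owner = {}   # token id -> owner address
        self.hooks = {}   # address -> callback run on safe mint (models onERC721Received)

    def transfer(self, sender, to, token_id):
        if self.owner.get(token_id) != sender:
            raise PermissionError("sender is not the owner")
        self.owner[token_id] = to

    def _burn(self, token_id):
        # Model assumption: the internal burn does not re-check ownership.
        del self.owner[token_id]

    def _safe_mint(self, to, token_id):
        self.owner[token_id] = to
        hook = self.hooks.get(to)
        if hook:          # external call into the recipient
            hook(self, token_id)

    def burn_to_mint(self, caller, burn_id, mint_id, burn_first):
        if self.owner.get(burn_id) != caller:
            raise PermissionError("caller does not own the token to burn")
        if burn_first:    # recommended order: state change before the external call
            self._burn(burn_id)
            self._safe_mint(caller, mint_id)
        else:             # order described in the report
            self._safe_mint(caller, mint_id)
            self._burn(burn_id)

def run(burn_first):
    """Return (victim_held_token_during_callback, transfer_blocked, final_owners)."""
    nft = Token721()
    nft.owner[1] = "minter"
    seen = {"victim_held": False, "blocked": False}

    def on_received(token, _new_id):
        # Recipient callback moves token 1 to another holder in the middle of the mint.
        try:
            token.transfer("minter", "victim", 1)
            seen["victim_held"] = token.owner.get(1) == "victim"
        except PermissionError:
            seen["blocked"] = True

    nft.hooks["minter"] = on_received
    nft.burn_to_mint("minter", 1, 2, burn_first)
    return seen["victim_held"], seen["blocked"], nft.owner
```

With `burn_first=False` the other holder briefly owns token 1 and then loses it to the burn; with `burn_first=True` the token no longer exists when the callback runs, so the transfer is rejected.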