Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
code423n4Code4renaCODE423N4:2022-08-FOUNDATION-FINDINGS-ISSUES-217
HistoryAug 15, 2022 - 12:00 a.m.

createNFTDropCollectionWithPaymentAddress() doesn't granting the creator to receive royalties and mint payments

2022-08-1500:00:00
Code4rena
github.com
4
nft
royalties
payments
vulnerability
JSON

Lines of code

Vulnerability details

Impact

createNFTDropCollectionWithPaymentAddress() doesn’t ensure to receive royalties and mint payments to the address payable paymentAddress

Proof of Concept

The documentation side Create a new drop collection contract with a custom payment address and in createNFTDropCollectionWithPaymentAddress() in the line 342 where setting the value to the paymentAddress in the case (paymentAddress != msg.sender) == false the paymentAddress will set to payable(0)
So the creator will not be able to receive royalties and mint payments

Recommended Mitigation Steps

Change this line paymentAddress != msg.sender ? paymentAddress : payable(0) to this one paymentAddress != msg.sender ? paymentAddress : msg.sender

The text was updated successfully, but these errors were encountered:

All reactions

JSON