Lines of code
<https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/RabbitHoleTickets.sol#L83>
<https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/RabbitHoleTickets.sol#L97>
As specified on the RabbitHole C4 contest page, the RabbitHoleTickets smart contract "is an 1155 reward contract used by the RabbitHole team." This means the assets managed by this contract have value. Moreover, the contract implements ERC-2981 (NFT Royalty Standard), meaning the tickets can be traded for other assets.
RabbitHoleTickets.onlyMinter doesn't check whether msg.sender is the minter address.
Anybody can call RabbitHoleTickets.mint (or RabbitHoleTickets.mintBatch) to mint an unlimited number of tokens. A token with effectively infinite supply will lose value, and its creator can lose reputation.
Manual review
The fix is simple: implement the modifier properly as:
modifier onlyMinter() {
    // revert unless the caller is the configured minter
    if (msg.sender != minterAddress) revert CallerNotMinter();
    _;
}
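As an added example (not the project's code), a Foundry test that pins the fix in place. It assumes a hypothetical minimal stand-in contract with only the minterAddress state variable, the CallerNotMinter error and a counter, and uses forge-std's vm.prank / vm.expectRevert cheatcodes:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

import "forge-std/Test.sol";

// Hypothetical stand-in for the affected contract (not the RabbitHole code):
// only the minter gate and a per-id counter are modelled.
contract TicketsVulnerable {
    address public minterAddress;
    mapping(uint256 => uint256) public totalMinted;
    error CallerNotMinter();

    constructor(address minter_) { minterAddress = minter_; }

    // The bug as the finding describes it: the caller is never compared to minterAddress.
    modifier onlyMinter() virtual {
        _;
    }

    function mint(uint256 id, uint256 amount) external onlyMinter {
        totalMinted[id] += amount;
    }
}

// The recommended fix: revert unless msg.sender is minterAddress.
contract TicketsFixed is TicketsVulnerable {
    constructor(address minter_) TicketsVulnerable(minter_) {}

    modifier onlyMinter() override {
        if (msg.sender != minterAddress) revert CallerNotMinter();
        _;
    }
}

contract OnlyMinterTest is Test {
    address minter = address(0xA11CE); // constructed sample addresses
    address stranger = address(0xB0B);

    // Regression test for the finding: a non-minter must be rejected with
    // CallerNotMinter, and the configured minter must still be able to mint.
    function testFixedRejectsNonMinter() public {
        TicketsFixed t = new TicketsFixed(minter);
        vm.prank(stranger);
        vm.expectRevert(TicketsVulnerable.CallerNotMinter.selector);
        t.mint(1, 1);
        vm.prank(minter);
        t.mint(1, 1);
        assertEq(t.totalMinted(1), 1);
    }
}
```

Pointing the same test at TicketsVulnerable makes it fail at the expectRevert step, which is what makes it useful as a regression test for this class of missing access check.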