The deposit function allows users to deposit multiple times without minting additional NFTs. This can lead to a situation where a user's total deposits exceed the amount they can withdraw.
Impact
Users may lose funds as they can deposit more ETH than they can withdraw, potentially locking excess ETH in the contract permanently.
For example:
User deposits 1 ETH three times (assuming depositRequired is 1 ETH).
They now have 3 NFTs and their deposits[user] balance is 3 ETH.
However, they can only withdraw 1 ETH per NFT, so they can only get back 3 ETH by burning all 3 NFTs.
If they make more deposits than the number of NFTs they receive, they will have locked funds that they cannot withdraw.
Remediation
Implement a check to ensure that a user can only deposit if they don't already have an active deposit, or mint an NFT for each deposit made.
Description
The deposit function allows users to deposit multiple times without minting additional NFTs. This can lead to a situation where a user's total deposits exceed the amount they can withdraw.
Impact
Users may lose funds as they can deposit more ETH than they can withdraw, potentially locking excess ETH in the contract permanently. For example:
Remediation
Implement a check to ensure that a user can only deposit if they don't already have an active deposit, or mint an NFT for each deposit made.