FloorDAO / floor-v2

Floor aims to create a fully onchain governance mechanism for sweeping and deploying NFTs to profitable NFT-Fi strategies as well as seeding liquidity for its own NFT-Fi products.
https://floor.xyz

[FNT-01M] Improper Specification of Payable #78

Closed tomwade closed 1 year ago

tomwade commented 1 year ago

FNT-01M: Improper Specification of Payable

| Type | Severity | Location |
| --- | --- | --- |
| Logical Fault | | FloorNft.sol:L61 |

Description:

The FloorNft::whitelistMint function is not meant to acquire any msg.value from its caller, yet it is declared as payable.

Impact:

It is presently possible to misplace a non-zero amount of native assets during a FloorNft::whitelistMint call that is expected to be "free".

Example:

```solidity
function whitelistMint(bytes32[] calldata _merkleProof) public payable mintCompliance(1) {
    require(paused == 2, 'The contract is paused');

    // Ensure that the user has not already claimed their whitelist spot
    require(!whitelistClaimed[msg.sender], 'Address has already claimed');

    // Generate the leaf based on the sender
    bytes32 leaf = keccak256(abi.encodePacked(msg.sender));

    // Validate that our user was included in the whitelist
    require(MerkleProof.verify(_merkleProof, merkleRoot, leaf), 'Invalid proof');

    // Mark our user as having claimed the whitelist
    whitelistClaimed[msg.sender] = true;

    // Mint to our user
    _mint(msg.sender, 1);
}
```

Recommendation:

We advise that the payable attribute be omitted from its declaration, preventing funds from being misplaced during a FloorNft::whitelistMint call.
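An added regression check for this finding (example code, not part of the issue or of the FloorDAO code base): a reduced stand-in for FloorNft with the non-payable whitelistMint the recommendation describes, plus a Foundry test asserting that native assets sent along with a "free" mint are rejected at the call site rather than stranded in the contract. The Merkle proof, pause flag and mintCompliance modifier are replaced by a plain claimed-mapping, and forge-std's Test contract is assumed to be available.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "forge-std/Test.sol";

// Reduced stand-in for FloorNft, constructed for this example: no Merkle
// proof, pause flag or mintCompliance modifier. The mint is deliberately
// NOT payable, which is the fix the finding recommends.
contract FreeMintNft {
    mapping(address => bool) public whitelistClaimed;
    mapping(address => uint256) public balanceOf;

    function whitelistMint() public {
        require(!whitelistClaimed[msg.sender], "Address has already claimed");
        whitelistClaimed[msg.sender] = true;
        balanceOf[msg.sender] += 1;
    }
}

contract FreeMintNftTest is Test {
    FreeMintNft nft;
    address user = address(0xBEEF); // constructed test account

    function setUp() public {
        nft = new FreeMintNft();
        vm.deal(user, 1 ether);
    }

    // The whitelist mint succeeds with no value attached and leaves no ETH behind.
    function testMintWithoutValue() public {
        vm.prank(user);
        nft.whitelistMint();
        assertEq(nft.balanceOf(user), 1);
        assertEq(address(nft).balance, 0);
    }

    // Value sent to a non-payable function reverts before the body runs, so the
    // caller keeps their ETH and nothing is misplaced in the contract.
    function testMintRejectsValue() public {
        vm.prank(user);
        (bool ok, ) = address(nft).call{value: 0.1 ether}(
            abi.encodeWithSignature("whitelistMint()")
        );
        assertFalse(ok);
        assertEq(address(nft).balance, 0);
        assertEq(user.balance, 1 ether);
        assertFalse(nft.whitelistClaimed(user));
    }
}
```

With the payable keyword restored on whitelistMint, testMintRejectsValue fails because the call succeeds and the 0.1 ether remains in the contract, which is exactly the misplacement the finding describes.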