code-423n4 / 2021-11-nested-findings

function mintWithMetadata() Unused #55

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

Meta0xNull

Vulnerability details

Impact

Leaving an unused function in the .sol file not only wastes gas when deploying the contract but is also a potential exploit.

Proof of Concept

https://github.com/code-423n4/2021-11-nested/blob/main/contracts/NestedAsset.sol#L96-L104

Tools Used

Manual Review

Recommended Mitigation Steps

Remove function mintWithMetadata()

adrien-supizet commented 2 years ago

The NFT collection will never be redeployed, whereas the factory and some other contracts of the protocols are upgradeable. For this reason, we want to make sure it will be possible to add metadata to the NFT in the future.

We want to keep this function despite the gas cost of deploying it. Furthermore, we don't think there can be a security issue with this function.