function burn(uint256 tokenId) public override whenNotPaused {
    super.burn(tokenId);
}
Users can call this by mistake, and once they do, they lose access to the DripsHub account that was controlled by that NFT. As a result, they lose all their current and future collectable funds.
Lines of code
https://github.com/code-423n4/2023-01-drips/blob/main/src/NFTDriver.sol#L244-L246
Vulnerability details
Impact
NftDriver exposes a burn function which can be called by mistake, removing access to your collectable amount inside DripsHub.
Proof of Concept
The NftDriver contract has a public burn method which allows you to burn your NFT.
https://github.com/code-423n4/2023-01-drips/blob/main/src/NFTDriver.sol#L244-L246
Tools Used
VS Code
Recommended Mitigation Steps
Remove that function; it looks like it's not needed.