Closed code423n4 closed 1 year ago
Lines of code
https://github.com/code-423n4/2023-01-drips/blob/main/src/NFTDriver.sol#L68
Vulnerability details
Impact
The function does not check if the caller has permission to mint new tokens. This could potentially lead to the unauthorized minting of tokens.
Proof of Concept
At https://github.com/code-423n4/2023-01-drips/blob/main/src/NFTDriver.sol#L68
```solidity
function mint(address to, UserMetadata[] calldata userMetadata)
    public
    whenNotPaused
    returns (uint256 tokenId)
{
    tokenId = _registerTokenId();
    _mint(to, tokenId);
    if (userMetadata.length > 0) dripsHub.emitUserMetadata(tokenId, userMetadata);
}
```
Tools Used
Manual VS Code
Recommended Mitigation Steps
```solidity
function mint(address to, UserMetadata[] calldata userMetadata)
    public
    whenNotPaused
    returns (uint256 tokenId)
{
    tokenId = _registerTokenId();
    _safeMint(to, tokenId);
    if (userMetadata.length > 0) dripsHub.emitUserMetadata(tokenId, userMetadata);
}
```
https://github.com/code-423n4/2023-01-drips/blob/9fd776b50f4be23ca038b1d0426e63a69c7a511d/src/NFTDriver.sol#L91
It's not a token with underlying value
Also safeMint wouldn't help a bypass
GalloDaSballo marked the issue as unsatisfactory: Invalid
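What swapping `_mint` for `_safeMint` changes, as an added example that is not Drips code and not part of the issue or its comments: a self-contained model of the two ERC-721 mint paths. `MintSemantics` and `AnyCaller` are hypothetical names; the recipient check follows the standard `onERC721Received` convention.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration, not Drips code: a minimal model of the two ERC-721 mint paths.
interface IERC721Receiver {
    function onERC721Received(address operator, address from, uint256 tokenId, bytes calldata data)
        external
        returns (bytes4);
}

contract MintSemantics {
    mapping(uint256 => address) public ownerOf;
    uint256 public nextId;

    // Plain mint: records ownership only. msg.sender is never inspected.
    function mint(address to) public returns (uint256 tokenId) {
        require(to != address(0), "mint to zero address");
        tokenId = nextId++;
        ownerOf[tokenId] = to;
    }

    // "Safe" mint: same bookkeeping, plus a check on the RECIPIENT when it is a
    // contract. The caller is still not inspected, so this is not authorization.
    function safeMint(address to) public returns (uint256 tokenId) {
        tokenId = mint(to);
        if (to.code.length == 0) return tokenId; // EOA recipient: no callback to make
        try IERC721Receiver(to).onERC721Received(msg.sender, address(0), tokenId, "") returns (bytes4 ret) {
            require(ret == IERC721Receiver.onERC721Received.selector, "receiver rejected token");
        } catch {
            revert("recipient is not an ERC721 receiver");
        }
    }
}

// Hypothetical caller holding no role of any kind.
contract AnyCaller is IERC721Receiver {
    function onERC721Received(address, address, uint256, bytes calldata) external pure returns (bytes4) {
        return IERC721Receiver.onERC721Received.selector;
    }

    // Both paths accept an arbitrary caller; only the recipient callback differs.
    function demo(MintSemantics nft) external returns (uint256 a, uint256 b) {
        a = nft.mint(address(this));
        b = nft.safeMint(address(this));
    }
}
```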