The escrow is responsible to store players and tokens. However a club can be burned, as it was on the mock FootiumPlayerMockV2.sol:
function burn(uint256 tokenId) external onlyOwner {
++numOfBurnedTokens;
_burn(tokenId);
}
FootiumPlayerMockV2.sol#L81
When that happens, the escrow is lost, since it was instanciated as per NFT for each tokenId. But the escrow is the where players and tokens are stored. Therefore, tokens will be lost after burning a NFT Club.
Impact
Risk of loosing players and tokens after if the NFT Club is burned.
Implement a burn function like it was done with safeMint and before calling OZ internal function _burn, transfer remaining tokens and players to the protocol or to a new club.
gryphon
medium
Risk of loosing tokens after burning the NFT Club
If a NFT Club is burned, the players and tokens can be lost.
Vulnerability Detail
When a new club is minted, it implements it's own
safeMintfunction which instatiates a new escrow:FootiumClub.sol#L56
The escrow is responsible to store players and tokens. However a club can be burned, as it was on the mock
FootiumPlayerMockV2.sol:FootiumPlayerMockV2.sol#L81 When that happens, the escrow is lost, since it was instanciated as per NFT for each
tokenId. But the escrow is the where players and tokens are stored. Therefore, tokens will be lost after burning a NFT Club.Impact
Risk of loosing players and tokens after if the NFT Club is burned.
Code Snippet
FootiumClub.sol#L56
FootiumPlayerMockV2.sol#L81
Tool used
Manual Review
Recommendation
Implement a
burnfunction like it was done withsafeMintand before calling OZ internal function_burn, transfer remaining tokens and players to the protocol or to a new club.