Funds can be locked indefinitely in NukeFund.sol #1078
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
edited-by-warden
M-02
primary issue
Highest quality submission among a set of duplicates
🤖_88_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sufficient quality report
This report is of sufficient quality
Lines of code
https://github.com/code-423n4/2024-07-traitforge/blob/279b2887e3d38bc219a05d332cbcb0655b2dc644/contracts/NukeFund/NukeFund.sol#L40-L61
https://github.com/code-423n4/2024-07-traitforge/blob/279b2887e3d38bc219a05d332cbcb0655b2dc644/contracts/NukeFund/NukeFund.sol#L153-L183
Vulnerability details
Impact
Proof of Concept
The NukeFund contract has a unique fund distribution model where the primary - and only - method to withdraw funds is through the nuke() function. This design creates a specific set of circumstances under which funds can be extracted from the contract.
Practical example:
Let's say the contract has accumulated 100 ETH in its fund. A user holding a qualified NFT (let's call it TokenID 42) wants to claim a portion of this fund.
https://github.com/code-423n4/2024-07-traitforge/blob/279b2887e3d38bc219a05d332cbcb0655b2dc644/contracts/NukeFund/NukeFund.sol#L153-L183
In this scenario:
This process works as intended, but it relies entirely on NFT holders initiating the withdrawal process. There's no other mechanism for fund distribution or withdrawal, which leads to the second point.
If all NFTs are burned or if no one calls the nuke() function, there's a real risk that funds could remain permanently locked in the contract.
Practical example:
Imagine a scenario where the contract has accumulated 500 ETH over time. There are only 10 NFTs left that are eligible for nuking.
Scenario A: All NFTs are burned
OR
https://github.com/code-423n4/2024-07-traitforge/blob/279b2887e3d38bc219a05d332cbcb0655b2dc644/contracts/TraitForgeNft/TraitForgeNft.sol#L141-L151
Scenario B: Inactivity
Tools Used
Manual review
Recommended Mitigation Steps
Add a function that allows the contract owner to withdraw funds in case of emergencies or when all NFTs are burned.
Assessed type
Context
The text was updated successfully, but these errors were encountered: