Category: Business Logic
Certain functions' access controls are unnecessarily lax
Severity: Informational
Impact: Informational
Likelihood: N/A
Description
function createFNFT(uint fnftId, IRevest.FNFTConfig memory fnftConfig, uint quantity, address from) external override {
...
}
The function createFNFT should not be external, as all of its internal function calls are restricted to onlyRevestController.
Impact
The issue currently has no security impact, but developers should abide by the principle of least privilege. Limiting a contract's attack surface is a crucial way to mitigate future risks, and it reduces the overall likelihood and severity of compromises.
Recommendations
Add the onlyRevestController modifier to createFNFT to restrict access.
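A review-time check for this recommendation, as an added example that is not part of the original report or of Revest's code: a heuristic Python scan that lists state-changing external/public Solidity functions lacking the onlyRevestController modifier. The sample contract is constructed; only the createFNFT signature comes from the finding, and the other function names are hypothetical.

```python
import re

# Function header: name, parameter list, then everything up to '{' or ';'.
# Heuristic only: function-typed parameters (nested parentheses) are not handled.
FUNC_RE = re.compile(r"\bfunction\s+(\w+)\s*\((.*?)\)\s*([^{;]*)[{;]", re.S)

# Constructed sample. Only the createFNFT signature is taken from the finding;
# createFNFTGuarded, getSupply and _mintInternal are hypothetical.
SAMPLE = """
contract TokenHandlerSketch {
    // As reported: externally callable, no access modifier on the entry point.
    function createFNFT(uint fnftId, IRevest.FNFTConfig memory fnftConfig, uint quantity, address from) external override {
        _mintInternal(from, fnftId, quantity);
    }
    // Recommended shape: the same kind of entry point with the modifier applied.
    function createFNFTGuarded(uint fnftId, uint quantity, address from) external override onlyRevestController {
        _mintInternal(from, fnftId, quantity);
    }
    function getSupply(uint fnftId) public view returns (uint) { return supply[fnftId]; }
    function _mintInternal(address to, uint id, uint amount) internal onlyRevestController { }
}
"""


def unguarded_entry_points(source, guards=("onlyRevestController",)):
    """Return names of external/public, non-view functions with no guard modifier."""
    # Drop comments so commented-out signatures are not reported.
    src = re.sub(r"/\*.*?\*/", "", source, flags=re.S)
    src = re.sub(r"//[^\n]*", "", src)
    findings = []
    for match in FUNC_RE.finditer(src):
        name, tail = match.group(1), match.group(3)
        # Remove "returns (...)" and modifier arguments, keep bare keywords/modifiers.
        words = set(re.findall(r"[A-Za-z_]\w*", re.sub(r"\([^)]*\)", " ", tail)))
        callable_externally = bool(words & {"external", "public"})
        mutating = not (words & {"view", "pure"})
        if callable_externally and mutating and not (words & set(guards)):
            findings.append(name)
    return findings


if __name__ == "__main__":
    for fn in unguarded_entry_points(SAMPLE):
        print("no access modifier on externally callable function:", fn)
```

Pass the project's own list of access modifiers as guards; a regex scan like this is a triage aid and does not replace compiler-backed analysis.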
Remediation
The issue has been acknowledged by the Revest team.