Submission Details
Severity:
`COMMON_RARITY` & `RARE_RARITY` selections will overlap due to logic error in `if else` block.
Summary
COMMON_RARITY & RARE_RARITY selections will overlap due to logic error in if else block.
Vulnerability Details
You can see below on the else if line that the rarity range is determined by combining the range for COMMON_RARITY with range for RARE_RARITY, which is logically incorrect.
Current implementation:
if (rarity <= COMMON_RARITY) {
tokenIdToRarity[tokenId] = COMMON_RARITY;
} else if (rarity <= COMMON_RARITY + RARE_RARITY) { << this line is logically incorrect in terms of entire if block
tokenIdToRarity[tokenId] = RARE_RARITY;
Impact
Common rarity NFTs could be allocated to winners when rare rarity NFTs should be allocated.
Tools Used
VSC.
Recommendations
if (rarity <= COMMON_RARITY) {
tokenIdToRarity[tokenId] = COMMON_RARITY;
-- } else if (rarity <= COMMON_RARITY + RARE_RARITY) {
++ } else if (COMMON_RARITY < rarity <= COMMON_RARITY + RARE_RARITY) {
tokenIdToRarity[tokenId] = RARE_RARITY;
Updates
Lead Judging Commences
Hamiltonite about 2 years ago
Submission Judgement Published Assigned finding tags:
wrong nft rarity
71% 25% 4%
Rewards breakdown
nSLOC
143This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.