Submission Details
Severity: high
Valid

After CHRISTMAS_2023_BLOCK_TIME has passed, anyone can claim NICE tokens

Summary

After the time has passed, any address that was not listed as NAUGHTY can claim NICE tokens. This is possible because Santa cannot list every possible address on the blockchain as NAUGHTY, and because every address is NICE by default. Because of how enums work, if a user is not assigned any status, their status is the first value of the enum, which is NICE.

Impact

A user can create multiple accounts and mint as many NICE tokens as he likes.

Tools Used

manual, foundry

POC

Paste this code into SantasListTest.t.sol and run forge test --mt testAnyoneCanCollectPresent.

    // Two addresses that Santa has never checked.
    address user1 = makeAddr("user1");
    address user2 = makeAddr("user2");

    function testAnyoneCanCollectPresent() public {
        // Move past the collection start time.
        vm.warp(santasList.CHRISTMAS_2023_BLOCK_TIME() + 1);
        // Neither call reverts, although neither address was ever marked NICE.
        vm.prank(user1);
        santasList.collectPresent();
        vm.prank(user2);
        santasList.collectPresent();
        //console.log(santasList.balanceOf(user1));
        //console.log(santasList.balanceOf(user2));
    }

Recommendations

Change the enum to:

    enum Status {
        NOT_CHECKED_TWICE,
        NICE,
        EXTRA_NICE,
        NAUGHTY
    }

so that the default status will be NOT_CHECKED_TWICE instead of NICE.
Now we can run the test again and confirm that the transaction reverts.
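
The default-value behaviour behind this finding, as an added Foundry test that is not part of the submission or the audited contract. The two model contracts, the `status` and `presents` mappings, the `NotNice` error and the order of the enum members after NICE are assumptions made for illustration:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Added illustration, not the audited contract. Contract names, the mappings
// and the NotNice error are hypothetical.
contract NiceFirstList {
    // NICE is member 0, as the finding describes; the order of the rest is assumed.
    enum Status { NICE, EXTRA_NICE, NAUGHTY, NOT_CHECKED_TWICE }
    error NotNice();
    mapping(address => Status) public status; // never-written keys read as member 0
    mapping(address => uint256) public presents;
    function collectPresent() external {
        Status s = status[msg.sender];
        if (s != Status.NICE && s != Status.EXTRA_NICE) revert NotNice();
        presents[msg.sender] += 1;
    }
}

contract UncheckedFirstList {
    // Recommended ordering: the zero value now means "nobody has checked this address".
    enum Status { NOT_CHECKED_TWICE, NICE, EXTRA_NICE, NAUGHTY }
    error NotNice();
    mapping(address => Status) public status;
    mapping(address => uint256) public presents;
    function collectPresent() external {
        Status s = status[msg.sender];
        if (s != Status.NICE && s != Status.EXTRA_NICE) revert NotNice();
        presents[msg.sender] += 1;
    }
}

contract DefaultStatusTest is Test {
    address stranger = makeAddr("stranger"); // never written to either mapping
    function testUnlistedAddressPassesWhenNiceIsDefault() public {
        NiceFirstList list = new NiceFirstList();
        vm.prank(stranger);
        list.collectPresent();
        assertEq(list.presents(stranger), 1);
    }
    function testUnlistedAddressRevertsWhenDefaultIsUnchecked() public {
        UncheckedFirstList list = new UncheckedFirstList();
        vm.expectRevert(UncheckedFirstList.NotNice.selector);
        vm.prank(stranger);
        list.collectPresent();
    }
}
```

Both tests use the same eligibility check; only the enum ordering differs, which is what decides whether an address that was never checked is accepted.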

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

default status is nice

In Solidity the first element of an enum is the default value. In Santa's List, this means each person is mapped by default to 'NICE'.
