First Flight #5: Santa's List
First Flight #5
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Invalid

SantasList:buyPresent() does not check msg.sender's SantaToken balance to ensure they have enough to buy the present

dougo

Summary

SantasList:buyPresent() does not check msg.sender's SantaToken balance to ensure they have enough to buy the present

Vulnerability Details

SantasList:buyPresent() does not check msg.sender's SantaToken balance to ensure they have enough to buy the present, therefore a "gifter" can gift an NFT for less than the intended price of 2e18 SANTA. This could lead to excessive minting of the NFT and impact future value of it.

Impact

High

PoC

The Foundry test below will fail with current code, since it does not revert (user has 1e18 SANTA)...

function testBuyPresentLessThanTwoSANTA() public {
vm.startPrank(santa);
santasList.checkList(user, SantasList.Status.EXTRA_NICE);
santasList.checkTwice(user, SantasList.Status.EXTRA_NICE);
vm.stopPrank();
vm.warp(santasList.CHRISTMAS_2023_BLOCK_TIME() + 1);
vm.startPrank(user);
santaToken.approve(address(santasList), 2e18);
santasList.collectPresent();
vm.expectRevert();
santasList.buyPresent(user);
vm.stopPrank();
}

Tools Used

Visual Studio Code, Foundry

Recommendations

Add a check to SantasList:buyPresent() to ensure the caller (gifter) has at least 2e18 SANTA, as shown below...

function buyPresent(address presentReceiver) external {
if (i_santaToken.balanceOf(msg.sender) < 2e18) {
revert SantasList__NeedsMoreSantaTokens();
}
i_santaToken.burn(presentReceiver);
_mintAndIncrement();
}
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.