Submission Details
Severity:
SantasList:buyPresent() does not check that gifter is NICE or EXTRA_NICE allowing anyone to buy a present
Summary
SantasList:buyPresent() does not check that gifter is NICE or EXTRA_NICE allowing anyone to buy a present
Vulnerability Details
SantasList:buyPresent() does not check that gifter is NICE or EXTRA_NICE allowing anyone to buy a present, which could lead to excessive NFT minting and impact future value
Impact
High
PoC
The Foundry test below will fail with current code...
function testBuyPresentWithNaughty() public {
vm.startPrank(santa);
santasList.checkList(user, SantasList.Status.NAUGHTY);
santasList.checkTwice(user, SantasList.Status.NAUGHTY);
vm.stopPrank();
vm.warp(santasList.CHRISTMAS_2023_BLOCK_TIME() + 1);
deal(address(santaToken), user, 2e18);
vm.startPrank(user);
santaToken.approve(address(santasList), 2e18);
// santasList.collectPresent();
vm.expectRevert();
santasList.buyPresent(user);
vm.stopPrank();
}
Tools Used
Visual Studio Code, Foundry
Recommendations
Add a modifer to the SantasList contract...
modifier onlyNiceOrExtraNice() {
if (
!((s_theListCheckedOnce[msg.sender] == Status.NICE &&
s_theListCheckedTwice[msg.sender] == Status.NICE) ||
(s_theListCheckedOnce[msg.sender] == Status.EXTRA_NICE &&
s_theListCheckedTwice[msg.sender] == Status.EXTRA_NICE))
) {
revert SantasList__NotNice();
}
_;
}
Next, change the SantasList:buyPresent() to use the modifer & enforce that only NICE & EXTRA_NICE can execute the function...
function buyPresent(address presentReceiver) external onlyNiceOrExtraNice {
i_santaToken.burn(presentReceiver);
_mintAndIncrement();
}
Rewards breakdown
nSLOC
116This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.