Beginner FriendlyFoundry
100 EXP
View results
Submission Details
Severity: high
Invalid

SantasList:buyPresent() does not check that gifter is NICE or EXTRA_NICE allowing anyone to buy a present

Summary

SantasList:buyPresent() does not check that gifter is NICE or EXTRA_NICE allowing anyone to buy a present

Vulnerability Details

SantasList:buyPresent() does not check that gifter is NICE or EXTRA_NICE allowing anyone to buy a present, which could lead to excessive NFT minting and impact future value

Impact

High

PoC

The Foundry test below will fail with current code...

function testBuyPresentWithNaughty() public {
vm.startPrank(santa);
santasList.checkList(user, SantasList.Status.NAUGHTY);
santasList.checkTwice(user, SantasList.Status.NAUGHTY);
vm.stopPrank();
vm.warp(santasList.CHRISTMAS_2023_BLOCK_TIME() + 1);
deal(address(santaToken), user, 2e18);
vm.startPrank(user);
santaToken.approve(address(santasList), 2e18);
// santasList.collectPresent();
vm.expectRevert();
santasList.buyPresent(user);
vm.stopPrank();
}

Tools Used

Visual Studio Code, Foundry

Recommendations

Add a modifer to the SantasList contract...

modifier onlyNiceOrExtraNice() {
if (
!((s_theListCheckedOnce[msg.sender] == Status.NICE &&
s_theListCheckedTwice[msg.sender] == Status.NICE) ||
(s_theListCheckedOnce[msg.sender] == Status.EXTRA_NICE &&
s_theListCheckedTwice[msg.sender] == Status.EXTRA_NICE))
) {
revert SantasList__NotNice();
}
_;
}

Next, change the SantasList:buyPresent() to use the modifer & enforce that only NICE & EXTRA_NICE can execute the function...

function buyPresent(address presentReceiver) external onlyNiceOrExtraNice {
i_santaToken.burn(presentReceiver);
_mintAndIncrement();
}
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.