First Flight #5: Santa's List
First Flight #5
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

User can call collectPresent as many times as they want

praise03

Summary

Due to insufficient validation in collectPresent function a user can claim Santa's NFTs or Tokens multiple times

Vulnerability Details

function testCanCollectPresentIfAlreadyCollected() public {
vm.startPrank(santa);
santasList.checkList(user, SantasList.Status.NICE);
santasList.checkTwice(user, SantasList.Status.NICE);
vm.stopPrank();
vm.warp(santasList.CHRISTMAS_2023_BLOCK_TIME() + 1);
vm.startPrank(user);
santasList.collectPresent();
// 0 is the expected tokenId in this case
santasList.transferFrom(user, address(2), 0);
santasList.collectPresent();
}

In the above poc, a user can pass the ```` if (balanceOf(msg.sender) > 0) validation and call thecollectPresent``` function as many times as possible by simply transferring the claimed NFT to a desired address after each claim.

Impact

User can claim an infinite amout of tokens and NFTs

Tools Used

Manual Review

Recommendations

Possible solution: Introduce a mapping that tracks if a user has successfully claimed rewards once and use that mapping as a validation in the collectPresent function.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

Weak Already Collected Check

Relying on balanceOf > 0 in collectPresent() allows the msg.sender to send their present to another address and then collect again.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!