Beginner Friendly, Foundry, 100 EXP
Submission Details
Severity: medium
Valid

buyPresent burns an incorrect token amount

Summary

Per the stated requirement, buyPresent should exchange exactly 2e18 SantaToken for one NFT. The implementation, however, calls i_santaToken.burn once with no amount argument, and SantaToken.burn hard-codes 1e18, so a present costs half the specified price. The PURCHASED_PRESENT_COST constant is never used to enforce the cost.

Vulnerability Details

A user needs to burn only 1e18 SantaToken to mint an NFT, because the burn amount is fixed inside SantaToken.burn and buyPresent has no way to pass the intended cost:

    // SantasList.sol (original)
    function buyPresent(address presentReceiver) external {
        // burns a hard-coded 1e18, not PURCHASED_PRESENT_COST (2e18)
        i_santaToken.burn(presentReceiver);
        _mintAndIncrement();
    }

    // SantaToken.sol (original)
    function burn(address from) external {
        if (msg.sender != i_santasList) {
            revert SantaToken__NotSantasList();
        }
        // amount is hard-coded; the caller cannot set it
        _burn(from, 1e18);
    }

Impact

The implementation does not match the specified requirement: every present is purchased for 1e18 instead of 2e18 SantaToken, so presents are minted at half the intended price and only half the intended token supply is burned per NFT, diluting the value of each present.

Tools Used

Manual Review

Recommendations

Add an amount argument to SantaToken.burn and have buyPresent pass PURCHASED_PRESENT_COST, so the price is enforced in one place:

    // SantasList.sol (fixed)
    function buyPresent(address presentReceiver) external {
        // pass PURCHASED_PRESENT_COST as the amount to burn
        i_santaToken.burn(presentReceiver, PURCHASED_PRESENT_COST);
        _mintAndIncrement();
    }

    // SantaToken.sol (fixed)
    function burn(address from, uint256 amount) external {
        if (msg.sender != i_santasList) {
            revert SantaToken__NotSantasList();
        }
        _burn(from, amount);
    }
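The following Foundry test is an added example, not code from the submission or from the Santa's List repository. It reproduces the finding and checks the fix side by side using two minimal stand-in contracts (MiniSantaToken, VulnerableList, FixedList) that mirror only the snippets quoted above; the real SantaToken and SantasList have more functions, and the `fund` helper and the `presentsMinted` counter are test-only assumptions standing in for the real token distribution and NFT mint.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.22;

import {Test} from "forge-std/Test.sol";

// Hypothetical minimal token reproducing the two burn variants from the report.
contract MiniSantaToken {
    error SantaToken__NotSantasList();

    address public immutable i_santasList;
    mapping(address => uint256) public balanceOf;

    constructor(address santasList) {
        i_santasList = santasList;
    }

    // Test-only helper (assumption): gives a user tokens to spend.
    function fund(address to, uint256 amount) external {
        balanceOf[to] += amount;
    }

    // Original signature: the amount is hard-coded to 1e18.
    function burn(address from) external {
        if (msg.sender != i_santasList) revert SantaToken__NotSantasList();
        _burn(from, 1e18);
    }

    // Fixed signature: the caller chooses the amount.
    function burn(address from, uint256 amount) external {
        if (msg.sender != i_santasList) revert SantaToken__NotSantasList();
        _burn(from, amount);
    }

    function _burn(address from, uint256 amount) internal {
        require(balanceOf[from] >= amount, "insufficient balance");
        balanceOf[from] -= amount;
    }
}

// Shared scaffolding for the vulnerable and fixed SantasList variants.
abstract contract MiniSantasList {
    uint256 public constant PURCHASED_PRESENT_COST = 2e18;
    MiniSantaToken public immutable i_santaToken;
    uint256 public presentsMinted; // stand-in for the NFT mint counter

    constructor() {
        // The token trusts this contract as i_santasList.
        i_santaToken = new MiniSantaToken(address(this));
    }

    function buyPresent(address presentReceiver) external virtual;

    function _mintAndIncrement() internal {
        presentsMinted++;
    }
}

contract VulnerableList is MiniSantasList {
    function buyPresent(address presentReceiver) external override {
        i_santaToken.burn(presentReceiver); // burns 1e18 regardless of cost
        _mintAndIncrement();
    }
}

contract FixedList is MiniSantasList {
    function buyPresent(address presentReceiver) external override {
        i_santaToken.burn(presentReceiver, PURCHASED_PRESENT_COST);
        _mintAndIncrement();
    }
}

contract BuyPresentCostTest is Test {
    address internal user = makeAddr("user");

    // Funds the user with exactly the stated price, buys one present and
    // returns how many tokens were actually burned.
    function _buyOnePresent(MiniSantasList list) internal returns (uint256 burned) {
        MiniSantaToken token = list.i_santaToken();
        token.fund(user, list.PURCHASED_PRESENT_COST());
        uint256 before = token.balanceOf(user);
        vm.prank(user);
        list.buyPresent(user);
        burned = before - token.balanceOf(user);
        assertEq(list.presentsMinted(), 1, "one present should be minted");
    }

    function test_original_burnsHalfTheStatedCost() public {
        VulnerableList list = new VulnerableList();
        uint256 burned = _buyOnePresent(list);
        assertEq(burned, 1e18);
        assertLt(burned, list.PURCHASED_PRESENT_COST()); // price not enforced
    }

    function test_fixed_burnsStatedCost() public {
        FixedList list = new FixedList();
        assertEq(_buyOnePresent(list), list.PURCHASED_PRESENT_COST());
    }
}
```

Run with `forge test --match-contract BuyPresentCostTest -vv`. The first test documents the bug (1e18 burned against a 2e18 price); the second shows that routing the cost through the burn argument closes the gap, and it would also fail loudly if the constant and the burn amount ever drifted apart again.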
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Price is not enforced in buyPresent

This line indicates that the intended cost of presents for naughty people should be 2e18: https://github.com/Cyfrin/2023-11-Santas-List/blob/6627a6387adab89ae2ba2e82b38296723261c08a/src/SantasList.sol#L87 PURCHASE_PRESENT_COST should be implemented to enforce the cost of presents.
