Invalid value to buy a present
Summary
The documentation indicate that the cost of buying a present should be 2e18 token.
buyPresent: A function that trades 2e18 of SantaToken for an NFT. This function can be called by anyone.
There is also a variable in the code defining the value but it's not used
uint256 public constant PURCHASED_PRESENT_COST = 2e18;
So EXTRA_NICE users will be able to mint 1e18 token and buy a present by burning 1e18 token instead of the 2e18 initially planned
Vulnerability Details
The burn method is using an hardcoded value of 1e18 as we can see bellow:
When calling the buyPresent method the PURCHASED_PRESENT_COST value is not used so the final amount of a present will be 1e18
Impact
Based on the current implementation we know that an EXTRA_NICE user does not have enough token to buy a present by himself as he only get 1e18 token while collecting his present and minting Santa token.
EXTRA_NICE users would have to buy more Santa token or team up with other EXTRA_NICE users to have enough Santa token to buy a present, so they will reach the 2e18 token initially required.
Currently an EXTRA_NICE user can buyPresent right away, which break the potential tokenomics of the Santa token
Tools Used
Manual
Recommendations
As PURCHASED_PRESENT_COST is not used and is a constant it can be removed from the SantasList contract, then we can implement the required value directly in the burn method in the SantaToken.sol contract
Lead Judging Commences
Price is not enforced in buyPresent
This line indicates that the intended cost of presents for naughty people should be 2e18: https://github.com/Cyfrin/2023-11-Santas-List/blob/6627a6387adab89ae2ba2e82b38296723261c08a/src/SantasList.sol#L87 PURCHASE_PRESENT_COST should be implemented to enforce the cost of presents.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.