Submission Details
Severity: high
Valid

`SantasList::collectPresent()` has invalid logic

Summary

`SantasList::collectPresent()` has invalid logic that makes it possible to mint multiple NFTs/ERC20s. Once a user has received a present, they can send the NFT to another wallet and call the function again.

Vulnerability Details

The function lacks a proper method for flagging users that have already claimed presents.

Impact

High, user can abuse the function leading to minting arbitrary amount of NFTs/ERC20s.
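The weak check and a fixed variant side by side, with Foundry regression tests for both, as an added illustration that is not the contest's SantasList code: a minimal `PresentList` contract (hypothetical name) that assumes OpenZeppelin's `ERC721` and forge-std's `Test`, with a single `s_status` list instead of the real contract's two checked lists. The weak function relies only on `balanceOf`, so the claim signal disappears as soon as the token is transferred; the hardened one records a per-address flag before minting.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the SantasList contract. Assumes OpenZeppelin ERC721 and forge-std.
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {Test} from "forge-std/Test.sol";

contract PresentList is ERC721 {
    enum Status { NOT_CHECKED, NICE, EXTRA_NICE, NAUGHTY }

    error AlreadyCollected();
    error NotNice();

    mapping(address => Status) public s_status;   // hypothetical: one list, not two
    mapping(address => bool) public s_claimed;    // the fix: a persistent per-address claim flag
    uint256 private s_tokenCounter;
    address private immutable i_santa;

    constructor() ERC721("Present", "PRES") {
        i_santa = msg.sender;
    }

    function checkList(address who, Status status) external {
        require(msg.sender == i_santa, "only santa");
        s_status[who] = status;
    }

    function _isNice(address who) internal view returns (bool) {
        return s_status[who] == Status.NICE || s_status[who] == Status.EXTRA_NICE;
    }

    // Weak version: the only "already collected" signal is the caller's current balance,
    // which the caller resets to zero simply by transferring the NFT away.
    function collectPresentWeak() external {
        if (balanceOf(msg.sender) > 0) revert AlreadyCollected();
        if (!_isNice(msg.sender)) revert NotNice();
        _mint(msg.sender, s_tokenCounter++);
    }

    // Hardened version: the flag lives in storage keyed by address and is set before
    // the mint, so moving the token elsewhere does not re-enable the claim.
    function collectPresent() external {
        if (s_claimed[msg.sender]) revert AlreadyCollected();
        if (!_isNice(msg.sender)) revert NotNice();
        s_claimed[msg.sender] = true;
        _mint(msg.sender, s_tokenCounter++);
    }
}

contract PresentListTest is Test {
    PresentList list;
    address alice = makeAddr("alice");
    address bob = makeAddr("bob");

    function setUp() public {
        list = new PresentList();
        list.checkList(alice, PresentList.Status.NICE);
    }

    // Documents the weakness: after transferring token 0 to bob, alice's balance is 0
    // again and the balance-based check lets her collect a second present.
    function test_weakCheckAllowsSecondClaimAfterTransfer() public {
        vm.startPrank(alice);
        list.collectPresentWeak();
        list.transferFrom(alice, bob, 0);
        list.collectPresentWeak(); // does not revert
        vm.stopPrank();
        assertEq(list.balanceOf(alice) + list.balanceOf(bob), 2);
    }

    // Regression test for the fix: the stored flag survives the transfer.
    function test_claimFlagBlocksSecondClaim() public {
        vm.startPrank(alice);
        list.collectPresent();
        list.transferFrom(alice, bob, 0);
        vm.expectRevert(PresentList.AlreadyCollected.selector);
        list.collectPresent();
        vm.stopPrank();
        assertEq(list.balanceOf(alice) + list.balanceOf(bob), 1);
    }
}
```

Run with `forge test` in a project that has both dependencies installed. The first test is the regression you expect to fail once the weak function is removed; the second is the one to keep, since it asserts on the flag rather than on a balance the caller controls.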

Tools Used

Manual review + Foundry

Recommendations

Add a per-address claim mapping to `SantasList` and check it at the start of `collectPresent()`:

+ mapping(address => bool) public userClaimedPresent;
function collectPresent() external {
+ if(userClaimedPresent[msg.sender]) {
+ revert SantasList__AlreadyCollected();
+ }
if (block.timestamp < CHRISTMAS_2023_BLOCK_TIME) {
revert SantasList__NotChristmasYet();
}
if (balanceOf(msg.sender) > 0) {
revert SantasList__AlreadyCollected();
}
if (
s_theListCheckedOnce[msg.sender] == Status.NICE &&
s_theListCheckedTwice[msg.sender] == Status.NICE
) {
+ userClaimedPresent[msg.sender] = true;
_mintAndIncrement();
return;
} else if (
s_theListCheckedOnce[msg.sender] == Status.EXTRA_NICE &&
s_theListCheckedTwice[msg.sender] == Status.EXTRA_NICE
) {
+ userClaimedPresent[msg.sender] = true;
_mintAndIncrement();
i_santaToken.mint(msg.sender);
return;
}
revert SantasList__NotNice();
}
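Review bot: the new `userClaimedPresent` mapping does not follow the `s_` storage-variable prefix that `s_theListCheckedOnce` and `s_theListCheckedTwice` use in the same function; `s_userClaimedPresent` would match the contract's convention. Setting the flag before `_mintAndIncrement()` in both branches is the right order, because the claim is recorded before any token is minted. With the flag in place, the existing `if (balanceOf(msg.sender) > 0)` check is redundant (it is exactly the check the finding says can be bypassed by transferring the NFT away), so either drop it or note in the submission that it is kept only as defence in depth.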
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Weak Already Collected Check

Relying on balanceOf > 0 in collectPresent() allows the msg.sender to send their present to another address and then collect again.
