Beginner FriendlyFoundry
100 EXP
View results
Submission Details
Severity: high
Valid

Default Enum Status Leading to Unintended Present Collection

Vulnerability Details

The collectPresent function allows any user to collect a present due to the default Status.NICE (0) in the Status enum.

enum Status {
NICE, //@audit by default all users are NICE, value 0
EXTRA_NICE,
NAUGHTY,
NOT_CHECKED_TWICE
}
if (s_theListCheckedOnce[msg.sender] == Status.NICE && s_theListCheckedTwice[msg.sender] == Status.NICE) { //@audit all users are NICE by default
_mintAndIncrement();
return;
}

Impact

  1. Default Status Exploit: Users can bypass checks as uninitialized status defaults to NICE.

  2. Uncontrolled Present Distribution: Illegitimate users may collect presents, disrupting intended functionality.

Recommendations

Status Initialization: Implement a mechanism to set an explicit default status, like NOT_CHECKED_TWICE.

Updates

Lead Judging Commences

equious Auditor
over 1 year ago
inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

default status is nice

In Solidity the first element of an enum is the default value. In Santa's List, the means each person is mapped by default to 'NICE'.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.