Submission Details
Severity: medium
Valid

Incorrect burn amount in burn function

Summary

The burn function of SantaToken is called by the SantasList contract when someone wants to spend their SantaTokens to buy a present for someone else, i.e. a SANTA NFT. According to the documentation a SANTA NFT costs 2e18 SantaTokens, but the burn function that is called when buying an NFT only burns 1e18 SantaTokens.

Vulnerability Details

The vulnerability lies in the burn function of SantaToken: buying a SANTA NFT costs only half of the specified SantaTokens.

function burn(address from) external {
    if (msg.sender != i_santasList) {
        revert SantaToken__NotSantasList();
    }
    // Burns 1e18 per purchase, although the documented price is 2e18
    _burn(from, 1e18);
}

The _burn call only burns 1e18 tokens per NFT, half of the 2e18 tokens specified in the documentation.

Impact

Users can mint twice as many NFTs with their SantaTokens, because the burn function burns only half of the expected tokens per NFT.
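As an added illustration, not part of the original submission or of the audited contracts, the following Foundry test uses a constructed minimal stand-in for SantaToken to show the impact: with the burn amount at 1e18, a holder of exactly one documented price (2e18) can buy two presents, while burning the full price allows only one. The mock contract, its burnAmount constructor parameter, the mint helper and the test contract acting as SantasList are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";

// Constructed minimal stand-in for SantaToken (assumption, not the audited code).
contract MockSantaToken is ERC20 {
    address public immutable i_santasList;
    uint256 public immutable burnAmount; // 1e18 reproduces the finding, 2e18 the fix
    error SantaToken__NotSantasList();

    constructor(address santasList, uint256 amount) ERC20("SantaToken", "SANTA") {
        i_santasList = santasList;
        burnAmount = amount;
    }

    // Test-only helper so the buyer can be funded (assumption).
    function mint(address to, uint256 amount) external { _mint(to, amount); }

    // Same access check as the reported function; only the amount is parameterised.
    function burn(address from) external {
        if (msg.sender != i_santasList) revert SantaToken__NotSantasList();
        _burn(from, burnAmount);
    }
}

contract BurnAmountTest is Test {
    uint256 constant PURCHASE_PRESENT_COST = 2e18; // documented price of a present
    address buyer = makeAddr("buyer");

    // How many presents a buyer holding exactly one documented price can purchase
    // when each purchase burns `amountBurned`. This contract plays SantasList.
    function presentsPerPrice(uint256 amountBurned) internal returns (uint256 count) {
        MockSantaToken token = new MockSantaToken(address(this), amountBurned);
        token.mint(buyer, PURCHASE_PRESENT_COST);
        while (token.balanceOf(buyer) >= amountBurned) {
            token.burn(buyer); // one present bought per burn
            count++;
        }
    }

    function test_vulnerableBurnHalvesPrice() public {
        assertEq(presentsPerPrice(1e18), 2); // two presents for the price of one
    }

    function test_fixedBurnEnforcesPrice() public {
        assertEq(presentsPerPrice(PURCHASE_PRESENT_COST), 1);
    }
}
```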

Tools Used

Manual Review

Recommendations

Use 2e18 instead of 1e18 for the amount of tokens to burn.

function burn(address from) external {
if (msg.sender != i_santasList) {
revert SantaToken__NotSantasList();
}
- _burn(from, 1e18);
+ _burn(from, 2e18);
}
}
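Review bot: the trailing `}` on the last line of this hunk does not belong to the burn function shown (the function already closes on the line before it), so the snippet as written does not compile on its own; drop it. Also consider burning a named constant such as `PURCHASE_PRESENT_COST` rather than the literal `2e18`, so the documented price is enforced in one place and the burn amount cannot drift from it again.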
Updates

Lead Judging Commences

inallhonesty Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

Price is not enforced in buyPresent

This line indicates that the intended cost of presents for naughty people should be 2e18: https://github.com/Cyfrin/2023-11-Santas-List/blob/6627a6387adab89ae2ba2e82b38296723261c08a/src/SantasList.sol#L87 PURCHASE_PRESENT_COST should be implemented to enforce the cost of presents.
