First Flight #5: Santa's List

First Flight #5

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: low

Invalid

Inaccurate description of user roles and functions in SantasList contract documentation

0xrektified

Summary

The README of the SantaToken project contains misleading information regarding the roles and functions of the contract.
It incorrectly states the existence of enterRaffle and refund functions, which are not present in the contract.

Vulnerability Details

The README documentation of the Santa-List project outlines roles and functionalities that do not align with the actual contract implementation. Specifically, it mentions enterRaffle and refund functions under the 'User' role, which are non-existent in the provided contract code.
This discrepancy indicates either outdated documentation or a copy-paste error from another project.

Impact

While this issue does not pose a direct risk to funds or contract functionality, incorrect or misleading documentation can lead to confusion among developers, auditors, and users.

It compromises the understanding of the contract's actual capabilities and intended use. This can indirectly affect the protocol's credibility and user trust.

Tools Used

This issue was identified through a manual review of the project's README and comparing it with the actual smart contract code.

Recommendations

The README documentation should be updated to accurately reflect the current functionalities and roles defined in the SantaToken contract.

Removing the incorrect references to enterRaffle and refund functions and ensuring that the roles of 'Santa' and 'User' are described in alignment with the contract's capabilities is necessary.

The correct description for the 'User' role should be:

User - An individual interacting with the SantasList contract.

The primary functionalities available to the user include:

collectPresent - Allows a user to collect a present if they are marked as 'Nice' or 'Extra Nice'.

This function mints an NFT to the user, and additionally mints a SantaToken if the user is 'Extra Nice'.

buyPresent - Enables a user to buy a present for someone else using SantaTokens.

This requires the user to have SantaTokens and to have approved the SantasList contract to spend those tokens.

Updates

Lead Judging Commences

inallhonesty Lead Judge almost 2 years ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

116

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.