Submission Details
Severity: medium
Invalid

Misaligned Status Checks Blocking Present Collection

Vulnerability Details

The collectPresent function in the smart contract enforces strict status checks on two lists: s_theListCheckedOnce and s_theListCheckedTwice. To collect a present, a user must have the same status (NICE or EXTRA_NICE) in both lists. However, if a user's status changes between the two checks (e.g., from EXTRA_NICE to NICE), they become ineligible to collect any present, despite qualifying for at least the NICE category.

    if (s_theListCheckedOnce[msg.sender] == Status.NICE && s_theListCheckedTwice[msg.sender] == Status.NICE) {
        _mintAndIncrement();
        return;
    } else if (
        s_theListCheckedOnce[msg.sender] == Status.EXTRA_NICE
            && s_theListCheckedTwice[msg.sender] == Status.EXTRA_NICE
    ) {
        _mintAndIncrement();
        i_santaToken.mint(msg.sender);
        return;
    }

Impact

  • Inflexible Reward Mechanism: Legitimate users may lose eligibility for rewards due to status changes.

  • Unfair Treatment of Users: Users with changed statuses (from EXTRA_NICE to NICE) are unfairly penalized and prevented from collecting the NICE rewards.

Recommendations

Rewards for Lower Status: Adjust logic to allow users downgraded from EXTRA_NICE to NICE to still collect the NICE reward.
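
The strict check and the recommended relaxation can be compared side by side in a small Foundry test. This is an added example, not code from the audited contract: `EligibilityModel`, the `Reward` enum (standing in for the two mint paths) and the `UNSET` status are assumptions made for illustration, and the test expects forge-std to be installed in the project.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Added model of the quoted check; hypothetical names, not the audited contract.
contract EligibilityModel {
    enum Status { UNSET, NICE, EXTRA_NICE }        // UNSET is an assumed placeholder
    enum Reward { NONE, NFT_ONLY, NFT_AND_TOKEN }  // stands in for the two mint paths

    // Same condition as the snippet above: both lists must agree.
    function strictReward(Status once, Status twice) public pure returns (Reward) {
        if (once == Status.NICE && twice == Status.NICE) return Reward.NFT_ONLY;
        if (once == Status.EXTRA_NICE && twice == Status.EXTRA_NICE) return Reward.NFT_AND_TOKEN;
        return Reward.NONE;
    }

    // The recommendation: EXTRA_NICE then NICE still earns the NICE reward.
    function tolerantReward(Status once, Status twice) public pure returns (Reward) {
        if (once == Status.EXTRA_NICE && twice == Status.NICE) return Reward.NFT_ONLY;
        return strictReward(once, twice);
    }
}

contract EligibilityModelTest is Test {
    EligibilityModel model = new EligibilityModel();

    // Walk every (once, twice) pair and record where the two policies disagree.
    function test_onlyDowngradeCellChanges() public {
        uint256 changed;
        for (uint256 i = 0; i < 3; i++) {
            for (uint256 j = 0; j < 3; j++) {
                EligibilityModel.Status once = EligibilityModel.Status(i);
                EligibilityModel.Status twice = EligibilityModel.Status(j);
                if (model.strictReward(once, twice) != model.tolerantReward(once, twice)) {
                    changed++;
                    assertEq(i, uint256(EligibilityModel.Status.EXTRA_NICE));
                    assertEq(j, uint256(EligibilityModel.Status.NICE));
                }
            }
        }
        assertEq(changed, 1);
        // The upgrade direction (NICE then EXTRA_NICE) stays ineligible under both policies.
        assertEq(uint256(model.tolerantReward(EligibilityModel.Status.NICE, EligibilityModel.Status.EXTRA_NICE)), 0);
    }
}
```

The test makes the scope of the recommendation explicit: it changes the outcome for exactly one status pair and leaves every other mismatch between the two lists rejected.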

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
