First Flight #5: Santa's List

Beginner FriendlyFoundry
100 EXP
Submission Details
Severity: high
Valid

Unrestricted Token Burning in buyPresent Function

Updates

Lead Judging Commences

InAllHonesty Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

buyPresent should use msg.sender

Current implementation allows a malicious actor to burn someone else's tokens as the burn function doesn't actually check for approvals.

Support

FAQs

Can’t find an answer? Join our Discord or follow us on Twitter.