Submission Details
Severity: high
Valid

Weak claim check allows users to claim unlimited NFTs and tokens

Summary

SantasList::collectPresent only checks whether the caller's NFT balance is greater than 0 at the time of collection. A user can therefore transfer their NFT to another address after claiming and claim once again, and this can be repeated indefinitely.

Vulnerability Details

As soon as a user has called SantasList::collectPresent, they only need to transfer their NFT to a separate address in order to claim again.
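To make the sequence concrete, the following is an added, self-contained example (constructed for this write-up, not code from the SantasList contract). It keeps a tiny owner-per-token ledger in place of a full ERC-721 and leaves the Santa Token payout out; the status enum, the function names collectPresentWeak / collectPresentFixed / setStatus / transfer and the sink address are all assumptions. collectPresentWeak reproduces the balanceOf check described above, collectPresentFixed uses a per-address claim flag, and ReplayDemo runs the claim / transfer away / claim-again loop against both entry points.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Constructed stand-in for the present-claiming logic (not the SantasList contract).
/// A minimal owner-per-token ledger replaces the full ERC-721 so the file is self-contained;
/// the two claim checks are the point of the example.
contract PresentListDemo {
    enum Status { NOT_CHECKED, NICE, EXTRA_NICE, NAUGHTY }

    error AlreadyCollected();
    error NotNice();

    mapping(address => Status) private s_status;     // assigned by the list owner
    mapping(address => uint256) private s_balance;   // NFT balance per address
    mapping(uint256 => address) private s_ownerOf;   // token id -> owner
    mapping(address => bool) private s_hasClaimed;   // fix: one claim per address, ever
    uint256 private s_nextTokenId;

    address public immutable owner;

    constructor() { owner = msg.sender; }

    function setStatus(address person, Status status) external {
        require(msg.sender == owner, "only owner");
        s_status[person] = status;
    }

    /// Weak version: "already collected" is inferred from the balance. After a claim,
    /// transferring the NFT away resets the balance to 0 and the check passes again.
    function collectPresentWeak() external returns (uint256 tokenId) {
        if (s_balance[msg.sender] > 0) revert AlreadyCollected();
        _requireNice(msg.sender);
        tokenId = _mint(msg.sender);
    }

    /// Fixed version: a per-address flag records the claim itself, so moving the NFT
    /// to another address does not reopen it. The flag is written before the mint.
    function collectPresentFixed() external returns (uint256 tokenId) {
        if (s_hasClaimed[msg.sender]) revert AlreadyCollected();
        _requireNice(msg.sender);
        s_hasClaimed[msg.sender] = true;
        tokenId = _mint(msg.sender);
    }

    /// Plain transfer, enough to show the balance reset that defeats the weak check.
    function transfer(address to, uint256 tokenId) external {
        require(s_ownerOf[tokenId] == msg.sender, "not owner");
        s_ownerOf[tokenId] = to;
        s_balance[msg.sender] -= 1;
        s_balance[to] += 1;
    }

    function balanceOf(address who) external view returns (uint256) { return s_balance[who]; }
    function hasClaimed(address who) external view returns (bool) { return s_hasClaimed[who]; }

    function _requireNice(address who) private view {
        Status st = s_status[who];
        if (st != Status.NICE && st != Status.EXTRA_NICE) revert NotNice();
    }

    function _mint(address to) private returns (uint256 id) {
        id = s_nextTokenId++;
        s_ownerOf[id] = to;
        s_balance[to] += 1;
    }
}

/// Drives "claim, transfer the NFT away, claim again" three times against each entry
/// point and returns how many presents a single NICE caller ends up receiving.
contract ReplayDemo {
    function run() external returns (uint256 weakMints, uint256 fixedMints) {
        PresentListDemo list = new PresentListDemo();          // this contract is the owner
        list.setStatus(address(this), PresentListDemo.Status.NICE);
        address sink = address(0xBEEF);                        // constructed dump address

        for (uint256 i = 0; i < 3; i++) {
            // weak check: every iteration succeeds because the balance is 0 again
            try list.collectPresentWeak() returns (uint256 id) {
                weakMints++;
                list.transfer(sink, id);
            } catch {}
        }
        for (uint256 i = 0; i < 3; i++) {
            // fixed check: only the first iteration succeeds, the rest revert
            try list.collectPresentFixed() returns (uint256 id) {
                fixedMints++;
                list.transfer(sink, id);
            } catch {}
        }
        // expected: weakMints == 3, fixedMints == 1
    }
}
```

Deploying ReplayDemo and calling run() returns (3, 1): the balance-based check hands out one present per loop iteration, while the flag-based check stops after the first claim regardless of where the NFT ends up.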

Impact

In the case of a user with a NICE status, they can claim unlimited NFTs. In the case of a user with an EXTRA_NICE status, they can claim unlimited NFTs and Santa Tokens.

Tools Used

Manual review

Recommendations

Add a mapping that tracks whether a user has already claimed, e.g.:

mapping(address person => bool yesOrNo) private hasClaimed;

Inside SantasList::collectPresent, update lines 151-153 as follows:

- if (balanceOf(msg.sender) > 0) {
- revert SantasList__AlreadyCollected();
- }
+ if (hasClaimed[msg.sender]) {
+ revert SantasList__AlreadyCollected();
+ }
+ hasClaimed[msg.sender] = true;
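Review bot: the ordering in this hunk is the right one and should be kept: `hasClaimed[msg.sender] = true;` is written directly after the revert check, before anything is minted or transferred, so a repeated call from the same address hits `SantasList__AlreadyCollected()` no matter what has happened to the NFT since; moving the write to the end of the function would weaken that. Two smaller points: the value name `yesOrNo` in the declared mapping says nothing, `claimed` or `hasCollected` would read better, and the finding would be stronger with a regression test that collects, transfers the NFT to a second address and calls `collectPresent` again, expecting the revert.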
Updates

Lead Judging Commences

inallhonesty Lead Judge about 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

Weak Already Collected Check

Relying on balanceOf > 0 in collectPresent() allows the msg.sender to send their present to another address and then collect again.
