Submission Details
Severity: high
Valid

Weak claim check allows users to claim unlimited NFTs and tokens

Summary

SantasList::collectPresent only checks whether the caller's NFT balance is greater than 0 at the time of collection. Because the caller controls that balance, they can transfer the NFT to another address after claiming and then claim again. This can be repeated indefinitely.

Vulnerability Details

Once a user has called SantasList::collectPresent, they only need to transfer the NFT they received to a separate address so that balanceOf(msg.sender) drops back to 0, after which the "already collected" check passes and they can claim again.

Impact

A user with NICE status can claim unlimited NFTs. A user with EXTRA_NICE status can claim unlimited NFTs and unlimited Santa Tokens.

Tools Used

Manual review

Recommendations

Add a mapping that tracks when a user has claimed e.g.:

mapping(address person => bool yesOrNo) private hasClaimed;

Inside SantasList::collectPresent update lines 151-153:

- if (balanceOf(msg.sender) > 0) {
- revert SantasList__AlreadyCollected();
- }
+ if (hasClaimed[msg.sender]) {
+ revert SantasList__AlreadyCollected();
+ }
+ hasClaimed[msg.sender] = true;
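Review bot: the `hasClaimed[msg.sender] = true` write is placed before anything is minted, which is the right order (checks-effects-interactions): the flag is already set if a later minting step hands control to the recipient, and if collectPresent reverts afterwards for a caller who is not entitled to a present the write is rolled back with it, so keep that ordering in the final patch. Two smaller points on the mapping declaration it relies on: named mapping parameters (`address person => bool yesOrNo`) only compile with solc 0.8.18 or newer, and `yesOrNo` says nothing about what the value means, so `mapping(address person => bool claimed) private hasClaimed;` reads better. Dropping the `balanceOf` check entirely is correct here, since holding a present received by transfer should not stop an address from collecting its own.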
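To make the repeat-claim pattern and the recommended fix concrete, the following Solidity file is an added example; it is not the SantasList code or the contest's own test suite. MiniNFT is a constructed stand-in for the real ERC721 (balanceOf, transferFrom and an internal _mint only), the `nice` mapping and `setNice` are hypothetical stand-ins for the NICE status checks, and RepeatClaimer plays the attacker. WeakList reproduces the balanceOf > 0 check from the finding, HardenedList the per-address flag from the recommendation (named s_hasClaimed here). Demo.run(5) returns (5, 1): five presents from the weak check, one from the hardened one.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Constructed stand-in for the ERC721 side of SantasList: only the pieces the
/// claim check touches. Not the real contract; no approvals, events or hooks.
abstract contract MiniNFT {
    mapping(uint256 => address) private _ownerOf;
    mapping(address => uint256) private _balanceOf;
    uint256 public nextTokenId;

    error NotOwner();

    function balanceOf(address who) public view returns (uint256) {
        return _balanceOf[who];
    }

    function transferFrom(address from, address to, uint256 id) external {
        if (_ownerOf[id] != from || msg.sender != from) revert NotOwner();
        _ownerOf[id] = to;
        _balanceOf[from] -= 1;
        _balanceOf[to] += 1;
    }

    function _mint(address to) internal {
        _ownerOf[nextTokenId++] = to;
        _balanceOf[to] += 1;
    }
}

/// Shared list logic. `nice` is a hypothetical stand-in for NICE status;
/// setNice has no access control because this is a demo.
abstract contract ListBase is MiniNFT {
    mapping(address => bool) public nice;

    error AlreadyCollected();
    error NotNice();

    function setNice(address who) external { nice[who] = true; }

    function collectPresent() external virtual;
}

/// Weak check, as in the finding: "already collected" is inferred from the
/// caller's *current* balance, which the caller can reset by transferring.
contract WeakList is ListBase {
    function collectPresent() external override {
        if (balanceOf(msg.sender) > 0) revert AlreadyCollected();
        if (!nice[msg.sender]) revert NotNice();
        _mint(msg.sender);
    }
}

/// Hardened check from the recommendation: a per-address flag that no
/// transfer can clear, written before the mint (checks-effects-interactions).
contract HardenedList is ListBase {
    mapping(address person => bool claimed) private s_hasClaimed;

    function collectPresent() external override {
        if (s_hasClaimed[msg.sender]) revert AlreadyCollected();
        if (!nice[msg.sender]) revert NotNice();
        s_hasClaimed[msg.sender] = true;
        _mint(msg.sender);
    }
}

/// Attacker: claim, park the present in a throwaway address, claim again.
contract RepeatClaimer {
    function drain(ListBase list, uint256 rounds) external returns (uint256 claimed) {
        for (uint256 i = 0; i < rounds; i++) {
            try list.collectPresent() {
                claimed++;
            } catch {
                break; // the hardened list stops us after the first claim
            }
            // Move the present out so balanceOf(this) drops back to 0.
            address sink = address(uint160(0x1000 + i));
            list.transferFrom(address(this), sink, list.nextTokenId() - 1);
        }
    }
}

/// Driver: returns (weakClaims, hardenedClaims). run(5) gives (5, 1).
contract Demo {
    function run(uint256 rounds) external returns (uint256 weakClaims, uint256 hardenedClaims) {
        WeakList weak = new WeakList();
        HardenedList hardened = new HardenedList();
        RepeatClaimer a = new RepeatClaimer();
        RepeatClaimer b = new RepeatClaimer();
        weak.setNice(address(a));
        hardened.setNice(address(b));
        weakClaims = a.drain(weak, rounds);
        hardenedClaims = b.drain(hardened, rounds);
    }
}
```

Deploy Demo in Remix or a Foundry script and call run(5): the weak list hands out a present every round because each transfer resets balanceOf to 0, while the hardened list reverts with AlreadyCollected on the second call regardless of where the first present went.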
Updates

Lead Judging Commences

inallhonesty Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

Weak Already Collected Check

Relying on balanceOf > 0 in collectPresent() allows the msg.sender to send their present to another address and then collect again.
