With the current design of the protocol, anyone is able to call checkList
function in SantasList contract, while documentation says only Santa should be able to call it. This can be considered as an access control vulnerability, because not only santa is allowed to make the first check.
An attacker could simply call the external checkList
function, passing as parameter the address of someone else and the enum Status NAUGHTY
(or NOT_CHECKED_TWICE
, which should actually be UNKNOWN
given documentation).
By doing that, Santa will not be able to execute checkTwice
function correctly for NICE
and EXTRA_NICE
people. Indeed, if Santa first checked a user and assigned the status NICE
or EXTRA_NICE
, anyone is able to call checkList
function again, and by doing so modify the status. This could result in Santa unable to execute the second check.
Moreover, any malicious actor could check the mempool and front run Santa just before calling checkTwice
function to check users. This would result in a major denial of service issue.
The impact of this vulnerability is HIGH as it results in a broken mechanism of the check list system. Any user could be declared NAUGHTY
for the first check at any time, preventing present collecting by users although Santa considered the user as NICE
or EXTRA_NICE
.
Santa could still call checkList
function again to reassigned the status to NICE
or EXTRA_NICE
before calling checkTwice
function, but any malicious actor could front run the call to checkTwice
function. In this scenario, it would be impossible for Santa to actually double check a NICE
or EXTRA_NICE
user.
Just copy paste this test in SantasListTest contract :
Foundry
I suggest to add the onlySanta
modifier to checkList
function. This will ensure the first check can only be done by Santa, and prevent DOS attack on the contract. With this modifier, specification will be respected :
"In this contract Only Santa to take the following actions:
checkList: A function that changes an address to a new Status of NICE, EXTRA_NICE, NAUGHTY, or UNKNOWN on the original s_theListCheckedOnce list."
The following code will resolve this access control issue, simply by adding onlySanta
modifier:
No malicious actor is now able to front run Santa before checkTwice
function call.
The following tests shows that doing the first check for another user is impossible after adding onlySanta
modifier:
Anyone is able to call checkList() changing the status of a provided address. This is not intended functionality and is meant to be callable by only Santa.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.