First Flight #5: Santa's List
First Flight #5
Submission Details
Severity: high
ValidSanta should fire his dwarves because they have adjusted the ERC20.sol module to allow one of their addresses to drain user's minted SantaToken
Updates
Lead Judging Commences
Submission Judgement Published
Validated
Assigned finding tags:
unauthorized elf wallet approval in solmate-bad
Some sneaky elf has changed this library to a corrupted one where his wallet address skips all the approval checks for SantaToken! Shenanigans here - https://github.com/PatrickAlphaC/solmate-bad/blob/c3877e5571461c61293503f45fc00959fff4ebba/src/tokens/ERC20.sol#L88
Rewards breakdown
nSLOC
116This contest has a flat reward structure with the following payouts:
High
100 EXP
Medium
20 EXP
Low
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.