Submission Details
Severity:
NFTs costs 1e18
Summary
An NFT should be costing 2e18, but in the burn method from SantaToken contract burns 1e18
Vulnerability Details
Impact
High
Tools Used
Manual
Recommendations
Change the burning amount from the SantaToken contract to 2e18, or send the burning amount as a param(PURCHASED_PRESENT_COST)
///// SantaToken
function burn(address from, uint256 amount) external {
if (msg.sender != i_santasList) {
revert SantaToken__NotSantasList();
}
_burn(from, amount);
}
///// SantasList
function buyPresent(address presentReceiver) external {
i_santaToken.burn(presentReceiver, PURCHASED_PRESENT_COST);
_mintAndIncrement();
}
Updates
Lead Judging Commences
inallhonesty over 1 year ago
Submission Judgement Published Assigned finding tags:
Price is not enforced in buyPresent
This line indicates that the intended cost of presents for naughty people should be 2e18: https://github.com/Cyfrin/2023-11-Santas-List/blob/6627a6387adab89ae2ba2e82b38296723261c08a/src/SantasList.sol#L87 PURCHASE_PRESENT_COST should be implemented to enforce the cost of presents.
Rewards breakdown
nSLOC
116This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.