Submission Details
Severity: medium
Valid

Wrong value of NFT

Summary

Wrong value of NFT.

Vulnerability Details

The documentation and code base state that the price of one NFT is 2e18 SantaTokens. In practice, buying a gift costs only 1e18 tokens, because the "burn" function can only burn 1 token (1e18) per call:

    function burn(address from) external {
        if (msg.sender != i_santasList) {
            revert SantaToken__NotSantasList();
        }
        _burn(from, 1e18);
    }

Impact

The buyer of the gift will spend half as much as he should.

Tools Used

Manual review.

Recommendations

To fix the issue, you can change the "burn" function in SantaToken.sol by adding the possibility to input an arbitrary amount:

    function burn(address from, uint256 amount) external {
        if (msg.sender != i_santasList) {
            revert SantaToken__NotSantasList();
        }
        _burn(from, amount);
    }

The "buyPresent" function in SantasList.sol also needs to change so that it passes the price to "burn":

    function buyPresent(address presentReceiver) external {
        // Burn the full present price instead of a hard-coded 1e18
        i_santaToken.burn(presentReceiver, PURCHASED_PRESENT_COST);
        _mintAndIncrement();
    }
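
A regression test for the fix above, added here as an example; it is not part of the submission or of the Santa's List repository. TokenStub, ListStub and mintForTest are constructed stand-ins that model only the burn path, and the test assumes a Foundry project with forge-std installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Constructed stand-ins: only the burn path of SantaToken / SantasList is modelled.
contract TokenStub {
    error SantaToken__NotSantasList();
    address public immutable i_santasList;
    mapping(address => uint256) public balanceOf;
    constructor(address santasList) { i_santasList = santasList; }

    // Hypothetical test-only helper to give the buyer a starting balance.
    function mintForTest(address to, uint256 amount) external { balanceOf[to] += amount; }

    // Patched signature from the Recommendations section.
    function burn(address from, uint256 amount) external {
        if (msg.sender != i_santasList) revert SantaToken__NotSantasList();
        balanceOf[from] -= amount; // reverts on insufficient balance (0.8 checked math)
    }
}

contract ListStub {
    uint256 public constant PURCHASED_PRESENT_COST = 2e18;
    TokenStub public immutable i_santaToken;
    uint256 public presentsMinted; // stands in for _mintAndIncrement()
    constructor() { i_santaToken = new TokenStub(address(this)); }

    function buyPresent(address presentReceiver) external {
        i_santaToken.burn(presentReceiver, PURCHASED_PRESENT_COST);
        presentsMinted++;
    }
}

contract PresentPriceTest is Test {
    ListStub list = new ListStub();
    TokenStub token;
    address buyer = makeAddr("buyer");
    function setUp() public { token = list.i_santaToken(); }

    function test_buyPresentBurnsFullCost() public {
        token.mintForTest(buyer, 3e18);
        list.buyPresent(buyer);
        assertEq(token.balanceOf(buyer), 3e18 - list.PURCHASED_PRESENT_COST());
        assertEq(list.presentsMinted(), 1);
    }

    function test_halfPriceBalanceCannotBuy() public {
        token.mintForTest(buyer, 1e18); // the amount the unpatched burn() charged
        vm.expectRevert();
        list.buyPresent(buyer);
    }
}
```

With the unpatched one-argument burn, the first assertion fails with a balance delta of 1e18 and the second test fails because the purchase succeeds.
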
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Price is not enforced in buyPresent

This line indicates that the intended cost of presents for naughty people should be 2e18: https://github.com/Cyfrin/2023-11-Santas-List/blob/6627a6387adab89ae2ba2e82b38296723261c08a/src/SantasList.sol#L87

PURCHASE_PRESENT_COST should be implemented to enforce the cost of presents.
