Tags: Beginner Friendly, Foundry
100 EXP
Severity: high
Valid

Unauthorized access to checkList function

Summary

The SantasList::checkList function can be called by anyone and changes the s_theListCheckedOnce state.

Vulnerability Details

The function SantasList::checkList does not check that the caller is i_santa, which allows anyone to call the function and modify state.

Impact

Unauthorized update to the s_theListCheckedOnce storage variable.

Forge test case

function testCanCallCheckListAsAnyUser() public {
    address maliciousUser = makeAddr("maliciousUser");
    address randomUser = makeAddr("randomUser");
    // Impersonate an address that is not i_santa for the next call
    vm.prank(maliciousUser);
    santasList.checkList(randomUser, SantasList.Status.NAUGHTY);
    // The unauthorized write succeeded: randomUser is now marked NAUGHTY
    assertEq(uint256(santasList.getNaughtyOrNiceOnce(randomUser)), uint256(SantasList.Status.NAUGHTY));
}
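A self-contained reduction of the finding and its fix, added here as an example and not the contest's SantasList code: the onlySanta modifier guards checkList, and the proof of concept above is rerun to show that a non-Santa caller now reverts while Santa's own call still succeeds. SantasListReduced, SantasList__NotSanta and the Status enum values are assumptions for this example.

```solidity
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Reduced stand-in for SantasList, constructed for this example: only the
// checkList path is modelled, with the names used in the finding.
contract SantasListReduced {
    enum Status { NICE, NAUGHTY, NOT_CHECKED_TWICE, UNKNOWN }
    error SantasList__NotSanta();
    event CheckedOnce(address indexed person, Status indexed status);
    address public immutable i_santa;
    mapping(address => Status) private s_theListCheckedOnce;
    // Reverts for every caller except the deployer recorded as i_santa.
    modifier onlySanta() {
        if (msg.sender != i_santa) revert SantasList__NotSanta();
        _;
    }
    constructor() { i_santa = msg.sender; }
    // Hardened checkList: the onlySanta modifier is the recommended fix.
    function checkList(address person, Status status) external onlySanta {
        s_theListCheckedOnce[person] = status;
        emit CheckedOnce(person, status);
    }

    function getNaughtyOrNiceOnce(address person) external view returns (Status) {
        return s_theListCheckedOnce[person];
    }
}

contract CheckListAccessTest is Test {
    SantasListReduced list;
    address santa = makeAddr("santa");
    address mallory = makeAddr("mallory");
    address alice = makeAddr("alice");
    function setUp() public {
        vm.prank(santa); // the deployer becomes i_santa
        list = new SantasListReduced();
    }
    // The submission's proof of concept rerun against the fixed contract: it reverts.
    function testNonSantaCannotCheckList() public {
        vm.prank(mallory);
        vm.expectRevert(SantasListReduced.SantasList__NotSanta.selector);
        list.checkList(alice, SantasListReduced.Status.NAUGHTY);
    }
    // Santa's own call still succeeds and records the status.
    function testSantaCanCheckList() public {
        vm.prank(santa);
        list.checkList(alice, SantasListReduced.Status.NICE);
        assertEq(uint256(list.getNaughtyOrNiceOnce(alice)), uint256(SantasListReduced.Status.NICE));
    }
}
```

Run with `forge test` in a project that has forge-std installed; both tests pass only when the modifier is present.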

Tools Used

  • Foundry

Recommendations

Add the onlySanta modifier to the checkList function:

-function checkList(address person, Status status) external {
+function checkList(address person, Status status) external onlySanta{
s_theListCheckedOnce[person] = status;
emit CheckedOnce(person, status);
}
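
Review bot: the patched signature relies on an `onlySanta` modifier that this submission does not show being defined; confirm SantasList declares one that reverts unless `msg.sender == i_santa`, otherwise the contract will not compile with this change. Also add the missing space before the brace: `external onlySanta {`.
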
Updates

Lead Judging Commences

inallhonesty Lead Judge about 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

Access Control on checkList()

Anyone is able to call checkList(), changing the status of a provided address. This is not intended functionality and is meant to be callable only by Santa.
