First Flight #5: Santa's List
First Flight #5
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Sybil attack caused by default enum Status

dcheng

Summary

The default value for any person in storage variables SantasList::s_theListCheckedOnce and SantasList::s_theListCheckedTwice is NICE. This results in anyone can call SantasList::collectPresent and mint an NFT. A malicious user can create multiple accounts and mint multiple NFTs.

Vulnerability Details

The default value for a enum type is it's first member, and in this case, the default value is NICE. SantasList::collectPresent function allows a user to mint a NFT if their address is marked NICE in storage variables s_theListCheckedOnce and s_theListCheckedTwice. Since the default value is NICE, anyone can mint a NFT. A malicious user can create multiple accounts and mint multiple NFTs.

Impact

Unlimited NFT mints

Forge test case

function testCanCollectPresentWithoutBeingChecked() public {
address randomUser = makeAddr("randomUser");
vm.warp(santasList.CHRISTMAS_2023_BLOCK_TIME() + 1);
assertEq(santasList.balanceOf(randomUser), 0);
vm.startPrank(randomUser);
santasList.collectPresent();
assertEq(santasList.balanceOf(randomUser), 1);
}

Tools Used

  • Foundry

Recommendations

Change first member of enum Status to NOT_CHECKED_TWICE

enum Status {
+ NOT_CHECKED_TWICE,
NICE,
EXTRA_NICE,
NAUGHTY,
- NOT_CHECKED_TWICE
}
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

default status is nice

In Solidity the first element of an enum is the default value. In Santa's List, the means each person is mapped by default to 'NICE'.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.