Submission Details
Severity: medium
Invalid

Logic for handling `NAUGHTY` addresses does not exist

Summary

There are no checks or handlers for any addresses checked as NAUGHTY by the santa address.

Vulnerability Details

According to an inline comment on line 87, there is an implied "cost of santa tokens for naughty people to buy presents". This is never enforced anywhere, and the price variable on line 88 is never used.

```solidity
// this variable is never used in the contract
uint256 public constant PURCHASED_PRESENT_COST = 2e18;
```

Also, there is a value in the Status enum called NAUGHTY. This enum value is also never used anywhere in the contract.

```solidity
enum Status {
    NICE,
    EXTRA_NICE,
    NAUGHTY,
    NOT_CHECKED_TWICE
}
```

There seems to be missing logic for the following functionality:

  • addresses marked NAUGHTY to acquire ERC-20 SANTA tokens

  • allowing addresses marked as NAUGHTY to buy presents (NFTs) at all

  • pathway for NAUGHTY addresses to acquire ERC-20 SantaTokens at all.

Impact

Addresses checked as NAUGHTY will never be able to acquire SANTA ERC-20 tokens or purchase presents for double the cost, as intended. This effectively prevents NAUGHTY addresses from interacting with the contract at all in the way intended (per the aforementioned comments and variable names).

Leaving unused variables also unnecessarily increases deployment gas costs for the contract.

Tools Used

Forge

Recommendations

There are 2 options:

  • Remove both the NAUGHTY options in the Status enum and the PURCHASED_PRESENT_COST storage variable.

OR

  • Add logic for ability to mint tokens and purchase NFTs for addresses with the NAUGHTY Status.
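A claim that a constant or enum value is "never used" can be checked mechanically before it goes into a report. The Python scan below is an added example, not code from this submission or from the audited project; `SAMPLE` is a constructed contract that reuses only the two declarations quoted above, and its function names and comment are hypothetical.

```python
import re

# Constructed sample, NOT the audited contract: only the enum and the
# constant come from the report; everything else is hypothetical.
SAMPLE = '''
contract Example {
    enum Status { NICE, EXTRA_NICE, NAUGHTY, NOT_CHECKED_TWICE }
    // price for NAUGHTY buyers, see PURCHASED_PRESENT_COST (constructed comment)
    uint256 public constant PURCHASED_PRESENT_COST = 2e18;
    mapping(address => Status) private s_status;

    function check(address who, Status s) external { s_status[who] = s; }

    function isNice(address who) external view returns (bool) {
        return s_status[who] == Status.NICE || s_status[who] == Status.EXTRA_NICE;
    }
}
'''

def strip_comments(src):
    """Drop // and /* */ comments so a mention in a comment is not a use."""
    src = re.sub(r'/\*.*?\*/', '', src, flags=re.S)
    return re.sub(r'//[^\n]*', '', src)

def declared_names(src):
    """Return {name: kind} for constants and enum members declared in src."""
    names = {}
    for m in re.finditer(r'\bconstant\s+(\w+)\s*=', src):
        names[m.group(1)] = 'constant'
    for m in re.finditer(r'\benum\s+(\w+)\s*\{([^}]*)\}', src):
        for member in re.findall(r'\w+', m.group(2)):
            names[member] = 'enum ' + m.group(1)
    return names

def unused_names(src):
    """Names whose only occurrence, after comment removal, is the declaration."""
    code = strip_comments(src)
    return sorted(n for n in declared_names(code)
                  if len(re.findall(r'\b%s\b' % re.escape(n), code)) == 1)

if __name__ == '__main__':
    for name in unused_names(SAMPLE):
        print('declared but never referenced by name:', name)
```

A name the scan reports can still be reachable at run time: in the sample, `check` stores whatever `Status` value the caller passes, so the output is a list to review against the real code paths, not proof of dead code.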

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
