First Flight #5: Santa's List
First Flight #5
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Anyone can call SantasList.CheckList due to missing implementation of onlySanta modifier

pelz

Summary

The discovered security issue allows unauthorized users to access the SantasList.checklist function and assign a status to any address of their choice. This creates a serious danger because it allows unauthenticated users to modify the status assignments, potentially resulting in illegal access or harmful activity within the contract.

Vulnerability Details

Any user, without proper authentication, can call this function and assign a chosen address any status, presenting a risk of unauthorized access and potential misuse. at Checklist() function

Impact

The contract is susceptible to unauthorized manipulation through the checklist function.

POC

add the following block of code to the test file:

function testAttackCheckList() public {
vm.prank(user);
santasList.checkList(user, SantasList.Status.EXTRA_NICE);
assertEq(
uint256(santasList.getNaughtyOrNiceOnce(user)),
uint256(SantasList.Status.EXTRA_NICE)
);
}

then run the command below to check it out:
forge t --mt testAttackCheckList

Tools Used

Foundry

Recommendations

In the function, including the onlySanta modifier could solve the issue:

function checkList(address person, Status status) external onlySanta{
s_theListCheckedOnce[person] = status;
emit CheckedOnce(person, status);
}
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Access Control on checkList()

Anyone is able to call checkList() changing the status of a provided address. This is not intended functionality and is meant to be callable by only Santa.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.