The collectPresent function in the provided code introduces a vulnerability in the smart contract which allows users to collect presents more than once.
Any user who has been checked twice and is eligible to collect a present can collect the present, transfer it to another address, and then collect again because of the check on line 151.
The vulnerability exposes a flaw in the contract's conditional checks, enabling an attacker to undermine the intended security and functionality of the collectPresent function.
In the test file, add this line of code as a state variable:
address reciever = makeAddr("reciever");
Then add this block of code to the file:
After that, run this command to confirm the exploit:
forge t --mt testAttackCollectPresent
Foundry & Manual Review
A mapping could be implemented to mitigate it, say a mapping of address => bool called hasClaimed.
Once a user has passed all the checks in the function, hasClaimed can be set to true; a require statement would then be needed to check whether the user has claimed before or not.
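The mitigation described above, as an added example that is not the audited contract's code: a simplified model showing the balance-based check beside a hasClaimed check. The contract name, function names and the single `eligible` mapping are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Simplified model written for this example; not the audited contract.
/// Eligibility checks are reduced to a single `eligible` mapping (assumption).
contract PresentModel {
    mapping(address => uint256) public balanceOf; // stand-in for the present (NFT) balance
    mapping(address => bool) public eligible;     // stand-in for the "checked twice" status
    mapping(address => bool) public hasClaimed;   // mitigation state, never cleared

    error AlreadyCollected();
    error NotEligible();

    // Access control is omitted in this model.
    function setEligible(address user) external {
        eligible[user] = true;
    }

    // Stand-in for a token transfer: moves one present to another address.
    function transferPresent(address to) external {
        balanceOf[msg.sender] -= 1; // reverts on underflow in 0.8+
        balanceOf[to] += 1;
    }

    // Weak pattern: "already collected" is inferred from the current balance,
    // which the holder resets to zero by transferring the present away.
    function collectByBalance() external {
        if (balanceOf[msg.sender] > 0) revert AlreadyCollected();
        if (!eligible[msg.sender]) revert NotEligible();
        balanceOf[msg.sender] += 1;
    }

    // Hardened pattern: the claim is recorded per address, independent of
    // where the present is held afterwards.
    function collectOnce() external {
        if (hasClaimed[msg.sender]) revert AlreadyCollected();
        if (!eligible[msg.sender]) revert NotEligible();
        hasClaimed[msg.sender] = true; // record the claim before minting
        balanceOf[msg.sender] += 1;
    }
}
```

With `collectOnce`, a second call from the same address reverts with `AlreadyCollected` even after `transferPresent` has emptied the caller's balance.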
Relying on balanceOf > 0 in collectPresent() allows the msg.sender to send their present to another address and then collect again.