SantasList::buyPresent
burns tokens from presentReceiver
instead of sender
SantasList::buyPresent
is a function that allows any user to burn SantaTokens and mint NFT presents to a receiver address. Instead of burning SANTA from the msg.sender
the function is burning from the presentReceiver
. A malicious actor can pass the address of any user that has already given token allowance to the SantasList
contract, burning tokens from their wallets, and allowing the actor to mint the NFT for free.
Output:
HIGH, minting NFT tokens for free, lost of user's funds.
Manual Review
Foundry
Burn tokens from msg.sender
instead of presentReceiver
address.
Current implementation allows a malicious actor to burn someone else's tokens as the burn function doesn't actually check for approvals.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.