Submission Details
Severity: high
Invalid

buyPresent underflow

Summary

If a user with no SantaTokens tries to buy a present, the burn function triggers an underflow.
If a user with SantaTokens tries to buy a present for someone with no SantaTokens, the receiver address is used for the burn function, which also causes an underflow.

Vulnerability Details

A user with no tokens can call the buyPresent function and cause the contract to underflow.
A user with tokens should not be able to burn the tokens of a presentReceiver.

Impact

Unnecessary execution failure, and no way to buy a present for anyone, other than that someone who is Extra_Nice can buy one for themselves.

Tools Used

Foundry

Recommendations

Require the user to have an adequate balance of SantaToken to call buyPresent, else revert. The user should buy the present and transfer it to the presentReceiver.
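An added sketch of this recommendation next to the behaviour the report describes; it is not code from the submission or from the audited project. Only `buyPresent` and `presentReceiver` come from the report. The contract name, the price, the two mappings, the custom error and `seed` are hypothetical stand-ins, and crediting the present to the caller in the first function is an assumption drawn from the Impact section.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical model: plain mappings stand in for the SantaToken balance
// and for present ownership so the two flows can be compared in isolation.
contract PresentSketch {
    uint256 public constant PRESENT_COST = 1e18;      // assumed price in token units
    mapping(address => uint256) public tokenBalance;  // stand-in for SantaToken balances
    mapping(address => uint256) public presents;      // stand-in for presents owned

    error InsufficientSantaTokens(uint256 have, uint256 need);

    // Behaviour as reported: the burn is charged to presentReceiver.
    // In this sketch (Solidity 0.8+, checked arithmetic) a receiver with too
    // few tokens makes the subtraction revert with Panic(0x11), and a
    // receiver who does hold tokens pays for a purchase they did not make.
    function buyPresentAsReported(address presentReceiver) external {
        tokenBalance[presentReceiver] -= PRESENT_COST;
        presents[msg.sender] += 1; // assumption: present is credited to the caller
    }

    // Behaviour as recommended: check the caller's balance first, burn from
    // the caller, and credit the present to presentReceiver.
    function buyPresent(address presentReceiver) external {
        uint256 have = tokenBalance[msg.sender];
        if (have < PRESENT_COST) {
            // Explicit, descriptive revert instead of an arithmetic panic.
            revert InsufficientSantaTokens(have, PRESENT_COST);
        }
        tokenBalance[msg.sender] = have - PRESENT_COST;
        presents[presentReceiver] += 1;
    }

    // Test-only helper to fund an address in this sketch.
    function seed(address who, uint256 amount) external {
        tokenBalance[who] += amount;
    }
}
```

In a Foundry test, seeding only the caller and calling `buyPresent` with an unfunded receiver should succeed, while `buyPresentAsReported` with the same arguments should revert.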

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Too generic
