First Flight #5: Santa's List
First Flight #5
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

`SantasList::buyPresent` function only burn `1e18` token instead of `2e18`

aethrouzz

Summary

The doc say buyPresent: A function that trades 2e18 of SantaToken for an NFT. This function can be called by anyone.
but in reality it will be possible to call it with only 1e18

Vulnerability Details

the function call i_santaToken.burn(presentReceiver); which is

function burn(address from) external {
if (msg.sender != i_santasList) {
revert SantaToken__NotSantasList();
}
_burn(from, 1e18);
}

so it will allow a user to mint an NFT for 1e18

Impact

I can screw up the tokenomic of the projet, so it needs to be fixed

Tools Used

read the code

Recommendations

make this change

- function burn(address from) external {
- if (msg.sender != i_santasList) {
- revert SantaToken__NotSantasList();
- }
- _burn(from, 1e18);
- }
+ function burn(address from) external {
+ if (msg.sender != i_santasList) {
+ revert SantaToken__NotSantasList();
+ }
+ _burn(from, 2e18);
+ }
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Price is not enforced in buyPresent

This line indicates that the intended cost of presents for naughty people should be 2e18: https://github.com/Cyfrin/2023-11-Santas-List/blob/6627a6387adab89ae2ba2e82b38296723261c08a/src/SantasList.sol#L87 PURCHASE_PRESENT_COST should be implemented to enforce the cost of presents.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.