Unused PURCHASED_PRESENT_COST
Summary
The variable PURCHASED_PRESENT_COST is not being utilized, and it's unclear if the hardcoded values in the code are correct.
Vulnerability Details
The lack of clarity regarding whether the tokens minted in rewards and burned in claims are correct raises concerns about the accuracy of the mint/burn ratio. This ambiguity may lead to unexpected behaviors.
Impact
The impact could manifest if the mint is set correctly at 1e18, and the burn should be PURCHASED_PRESENT_COST , buyPresent is actually costing half of the intended amount.
Tools Used
Foundry
Recommendations
Ensure proper usage of constants such as PURCHASED_PRESENT_COST to maintain the correct mint/burn ratio. Verify that hardcoded values align with the intended behavior.
Lead Judging Commences
Price is not enforced in buyPresent
This line indicates that the intended cost of presents for naughty people should be 2e18: https://github.com/Cyfrin/2023-11-Santas-List/blob/6627a6387adab89ae2ba2e82b38296723261c08a/src/SantasList.sol#L87 PURCHASE_PRESENT_COST should be implemented to enforce the cost of presents.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.