The first value of `SantasList::Status` is `NICE` making everyone `NICE` by default
Summary
Each address in the two mappings, SantasList::s_theListCheckedOnce and SantasList::s_theListCheckedTwice, is automatically assigned the NICE status by default, as it represents the initial value in the Status enum.
Vulnerability Details
In Solidity, a variable of a user-defined enum type does not have a null value. Instead, it defaults to the first value in the list of possible values, indexed at 0. In the Status enum, the first value is NICE. Consequently, any access to the two Santa's lists, SantasList::s_theListCheckedOnce and SantasList::s_theListCheckedTwice, will return a default value of NICE for individuals who have not yet been checked.
Impact
The default assignment of a NICE status to everyone in the two lists, including those unknown or still not checked, makes them eligible for receiving the NFT present, unless specifically checked otherwise by Santa.
Tools Used
Manual review.
Recommendations
To address this, consider rearranging the enum Status as follows:
By making NOT_CHECKED_TWICE the first value, you ensure a more logical default status for individuals who have not yet been checked.
Lead Judging Commences
default status is nice
In Solidity the first element of an enum is the default value. In Santa's List, the means each person is mapped by default to 'NICE'.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.