Submission Details
Severity:
According to the documentation of SantaList, The `presentReceiver` is `NAUGHTY` in the `buyPresent` function. but, Check is missing in the `buyPresent` function.
Summary
According to the documentation of SantaList, The
presentReceiverisNAUGHTYin thebuyPresentfunction. but, Check is missing in thebuyPresentfunction.
Vulnerability Details
Check is missing in the
buyPresentfunction to check thepresentReceiverisNAUGHTY
function buyPresent(address presentReceiver) external {
@> i_santaToken.burn(presentReceiver);
_mintAndIncrement();
}
Reference from the documentation of SantaList
Once they are checked twice, NICE users can collect their NFT, and EXTRA_NICE users can collect their NFT and they are given SantaTokens.
@> The SantaToken is an ERC20 that can be used to buy the NFT for their NAUGHTY or UNKNOWN friends.
Impact
Anyone can buy the NFT for NICE or Extra NICE users which create confilict with the documentation of SantaList
Tools Used
Manual Review
Recommendations
By Adding the check in the
buyPresentfunction, we can avoid the prsentReceiver as NICE or Extra NICE and can avoid the conflict with the documentation of SantaList
+ error SantasList__NotNAUGHTY();
function buyPresent(address presentReceiver) external {
+ if (s_theListCheckedTwice[presentReceiver] != Status.NAUGHTY) {
+ revert SantasList__NotNAUGHTY();
+ }
i_santaToken.burn(presentReceiver);
_mintAndIncrement();
}
Updates
Rewards breakdown
nSLOC
116This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.