Submission Details
Severity:
Reentrancy in SantasList.buyPresent(address)
Summary
The reentrancy vulnerability will allow people to mint many NFTs as it doesn't take into account whether or not they already currently have an NFT minted to their account and furthermore it only burns 1e18 SantaToken when it should be burning 2e18.
Vulnerability Details
there is no limit to how many NFTs a user can mint for themselves
Users will be able to mint an NFT for cheaper than the actual price.
Impact
people will be able to mint an unlimited amount of NFT as there isn't a limit.
if many people can mint the NFT without any limit, the NFT will not have as much value.
function testBuyPresentReentrancyAttack() public {
vm.startPrank(address(santasList));
// mint the user 4e18 in total
santaToken.mint(user);
santaToken.mint(user);
santaToken.mint(user);
santaToken.mint(user);
vm.stopPrank();
vm.startPrank(user);
santasList.buyPresent(user);
santasList.buyPresent(user);
santasList.buyPresent(user);
santasList.buyPresent(user);
assertEq(santasList.balanceOf(user), 4);
vm.stopPrank();
}
Tools Used
Slither
Foundry Tests
Recommendations
+ error SantasList__NotEnoughSantaTokens();
function buyPresent(address presentReceiver) external {
// you could if wanted not have this modifier because the burn would also revert it there wasn't enough tokens to call this function
+ if (i_santaToken.balanceOf(presentReceiver) < 2e18) {
+ revert SantasList__NotEnoughSantaTokens();
+ }
+ if (balanceOf(msg.sender) > 0) {
+ revert SantasList__AlreadyCollected();
+ }
i_santaToken.burn(presentReceiver);
_mintAndIncrement();
}
Updates
Rewards breakdown
nSLOC
116This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.