Submission Details
Severity: high
Valid

Users can claim prizes without being checked

Summary

A person is supposed to be able to claim their prize if their status is NICE or EXTRA_NICE, which is meant to be determined by Santa with a double check.
A user who sees that Santa is about to lower their status below NICE could front-run him and claim the rewards anyway.

Vulnerability Details

Due to the way Solidity works, whenever we initialize the mapping address->enum, every user will start off with a status of NICE in both mappings, since in Solidity the default value for an enum is its first element, in our case NICE. If a user sees that Santa is about to reduce their status, they know for sure they would not be able to get their presents afterwards, so they can front-run him and claim their NFT, since the checks s_theListCheckedOnce[msg.sender] == Status.NICE && s_theListCheckedTwice[msg.sender] == Status.NICE would pass for any address Santa has not yet written to.

Impact

Users can simply mint themselves tokens in the event that they would be deemed NAUGHTY.

Tools Used

Manual Review

Recommendations

Change the enum of statuses so that the first element is one that does not allow users to act before Santa has checked them. Either swap it for NAUGHTY or add something like NOT_CHECKED.
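To make the Vulnerability Details and the Recommendation concrete, here is an added illustration (not the contest's own contract) showing the vulnerable enum ordering beside the hardened one; the names santa, checkOnce, checkTwice, claimPrize and claimed are assumptions, while the mapping names and the equality checks are taken from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration, not the contest's contract; santa/checkOnce/checkTwice/claimPrize/claimed are assumed names.

// Vulnerable ordering: NICE is element 0, so the address => Status mappings
// return NICE for every address Santa has never written to.
contract VulnerableList {
    enum Status { NICE, EXTRA_NICE, NAUGHTY }
    address public immutable santa = msg.sender;
    mapping(address => Status) public s_theListCheckedOnce;
    mapping(address => Status) public s_theListCheckedTwice;
    mapping(address => uint256) public claimed;

    modifier onlySanta() { require(msg.sender == santa, "only santa"); _; }
    function checkOnce(address who, Status s) external onlySanta { s_theListCheckedOnce[who] = s; }
    function checkTwice(address who, Status s) external onlySanta { s_theListCheckedTwice[who] = s; }

    // Passes for any address still at the zero value in both mappings, i.e.
    // everyone Santa has not checked yet; a pending checkOnce/checkTwice that
    // would downgrade the caller does not help if this lands first.
    function claimPrize() external {
        require(
            s_theListCheckedOnce[msg.sender] == Status.NICE &&
                s_theListCheckedTwice[msg.sender] == Status.NICE,
            "not nice"
        );
        claimed[msg.sender] += 1;
    }
}

// Hardened ordering: NOT_CHECKED is element 0, so the unchanged equality
// checks fail until Santa has explicitly recorded NICE in both mappings.
contract HardenedList {
    enum Status { NOT_CHECKED, NICE, EXTRA_NICE, NAUGHTY }
    address public immutable santa = msg.sender;
    mapping(address => Status) public s_theListCheckedOnce;
    mapping(address => Status) public s_theListCheckedTwice;
    mapping(address => uint256) public claimed;

    modifier onlySanta() { require(msg.sender == santa, "only santa"); _; }
    function checkOnce(address who, Status s) external onlySanta { s_theListCheckedOnce[who] = s; }
    function checkTwice(address who, Status s) external onlySanta { s_theListCheckedTwice[who] = s; }

    function claimPrize() external {
        require(
            s_theListCheckedOnce[msg.sender] == Status.NICE &&
                s_theListCheckedTwice[msg.sender] == Status.NICE,
            "not nice"
        );
        claimed[msg.sender] += 1;
    }
}
```

A unit test that calls claimPrize from a fresh address before any checkOnce/checkTwice call should succeed against VulnerableList and revert with "not nice" against HardenedList.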

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

default status is nice

In Solidity the first element of an enum is the default value. In Santa's List, this means each person is mapped by default to 'NICE'.
