Beginner Friendly / Foundry
100 EXP
Submission Details
Severity: medium
Invalid

No restriction for Santa in `collectPresent()`

Summary

The collectPresent function in SantasList.sol allows Santa to collect a gift for himself. According to the documentation, this function is meant for users on the list, not for Santa.

Vulnerability Details

The vulnerable code is the collectPresent function. It checks that Christmas 2023 has been reached (it reverts while block.timestamp is still before CHRISTMAS_2023_BLOCK_TIME) and that the caller has not already collected a gift, but it places no restriction on who the caller is. Since Santa also controls checkList and checkTwice, he can mark his own address as NICE on both lists and then collect a gift for himself.

PoC

// Foundry test, placed in the existing SantasList test contract whose setUp()
// deploys santasList and defines the santa address.
function testDontVerifyIfSantaCollectPresent() public {
    vm.startPrank(santa);
    // Santa puts his own address on the list as NICE, once and twice
    santasList.checkList(santa, SantasList.Status.NICE);
    santasList.checkTwice(santa, SantasList.Status.NICE);
    // Move past Christmas so the timestamp check passes
    vm.warp(santasList.CHRISTMAS_2023_BLOCK_TIME() + 1);
    // Nothing stops Santa from collecting a present for himself
    santasList.collectPresent();
    assertEq(santasList.balanceOf(santa), 1);
    vm.stopPrank();
}

Impact

This vulnerability allows Santa to abuse the system and obtain one gift for himself, which the documentation does not intend.
Moreover, combined with another vulnerability ("Inadequate Verification of Distributed Presents"), Santa can steal all the gifts.

Without chaining other vulnerabilities, this issue is only Medium: on its own it lets a single person (Santa) obtain a single gift, a very moderate loss for the protocol.

Tools Used

Manual review

Recommendations

To fix this vulnerability, collectPresent should additionally check that the caller is not Santa, i.e. reject msg.sender == i_santa. One solution is to add the following modifier and apply it to collectPresent():

error SantasList__IsSanta();

// Reverts when Santa himself calls the guarded function
modifier notSanta() {
    if (msg.sender == i_santa) {
        revert SantasList__IsSanta();
    }
    _;
}

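As an added illustration (not the project's code), the sketch below shows how the notSanta modifier is wired into collectPresent() next to the checks the finding describes. The contract is a reduced assumption about the real SantasList: the Status enum is trimmed, the Christmas timestamp is passed to the constructor instead of being the real constant, and a plain balance mapping stands in for the ERC721 present.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the project's code. Reduced sketch of SantasList
// showing the notSanta guard on collectPresent(); structure and names
// other than those in the finding are assumptions.
contract SantasListSketch {
    enum Status { NICE, NAUGHTY, NOT_CHECKED }

    error SantasList__NotSanta();
    error SantasList__IsSanta();
    error SantasList__NotChristmasYet();
    error SantasList__AlreadyCollected();
    error SantasList__NotNice();

    // Assumed: passed in rather than hard-coded, to avoid asserting the real value
    uint256 public immutable CHRISTMAS_2023_BLOCK_TIME;
    address private immutable i_santa;

    mapping(address => Status) private s_theListCheckedOnce;
    mapping(address => Status) private s_theListCheckedTwice;
    mapping(address => uint256) private s_balance; // placeholder for ERC721 balanceOf

    constructor(uint256 christmasTime) {
        i_santa = msg.sender;
        CHRISTMAS_2023_BLOCK_TIME = christmasTime;
    }

    modifier onlySanta() {
        if (msg.sender != i_santa) revert SantasList__NotSanta();
        _;
    }

    // The recommended fix: Santa runs the list but may not collect from it
    modifier notSanta() {
        if (msg.sender == i_santa) revert SantasList__IsSanta();
        _;
    }

    function checkList(address person, Status status) external onlySanta {
        s_theListCheckedOnce[person] = status;
    }

    function checkTwice(address person, Status status) external onlySanta {
        s_theListCheckedTwice[person] = status;
    }

    // Hardened version: the original flow plus the notSanta guard, which is
    // evaluated before any of the body's checks run
    function collectPresent() external notSanta {
        if (block.timestamp < CHRISTMAS_2023_BLOCK_TIME) revert SantasList__NotChristmasYet();
        if (s_balance[msg.sender] > 0) revert SantasList__AlreadyCollected();
        if (
            s_theListCheckedOnce[msg.sender] != Status.NICE ||
            s_theListCheckedTwice[msg.sender] != Status.NICE
        ) {
            revert SantasList__NotNice();
        }
        s_balance[msg.sender] += 1; // stands in for minting the present NFT
    }

    function balanceOf(address who) external view returns (uint256) {
        return s_balance[who];
    }
}
```

With this guard in place, the PoC above reverts with SantasList__IsSanta at the collectPresent() call even though Santa has marked himself NICE on both lists and Christmas has passed.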
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
