Submission Details
Severity: high
Valid

Unchecked people can still claim a free NFT

Summary

Enums default to their first element. Therefore, the default status of any address in both s_theListCheckedOnce and s_theListCheckedTwice is NICE. This allows any user who has not been checked by Santa via checkList and checkTwice to call collectPresent and pass its status checks, claiming a free NFT.

PoC

Add this test to the existing test suite.

address theGrinch = makeAddr("theGrinch");

function test_Collect_Present_Without_Getting_Checked() public {
    // Notice the lack of checks from Santa. theGrinch has not been checked.
    vm.warp(santasList.CHRISTMAS_2023_BLOCK_TIME() + 1);
    vm.startPrank(theGrinch);
    santasList.collectPresent();
    assertEq(santasList.balanceOf(theGrinch), 1);
    vm.stopPrank();
}

Impact

Users who have not been checked by Santa can collect an NFT present after Christmas, even though they should not be able to.

Tools Used

Manual Review

Recommendations

Make NOT_CHECKED_TWICE the first member of the Status enum. You could also default all users to NAUGHTY. With either change, an unchecked address fails the NICE status check and collectPresent reverts.

enum Status {
    NOT_CHECKED_TWICE,
    NAUGHTY,
    NICE,
    EXTRA_NICE
}
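
The enum reordering above can be pinned down with a regression test. The following is an added example, not code from the SantasList repository: it is a reduced model in which VulnerableList, FixedList, check and canCollect are hypothetical names, and the order of the enum members after NICE in the vulnerable variant is constructed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Added illustration: a reduced model, not the SantasList source.
// VulnerableList, FixedList, check and canCollect are hypothetical names.
contract VulnerableList {
    // NICE is first, so every unset mapping slot (zero) reads as NICE.
    // The order of the remaining members is constructed for this example.
    enum Status { NICE, EXTRA_NICE, NAUGHTY, NOT_CHECKED_TWICE }

    mapping(address => Status) internal s_checkedOnce;
    mapping(address => Status) internal s_checkedTwice;

    function canCollect(address person) external view returns (bool) {
        return s_checkedOnce[person] == Status.NICE && s_checkedTwice[person] == Status.NICE;
    }
}

contract FixedList {
    // Recommended order: the zero value now means "never checked".
    enum Status { NOT_CHECKED_TWICE, NAUGHTY, NICE, EXTRA_NICE }

    mapping(address => Status) internal s_checkedOnce;
    mapping(address => Status) internal s_checkedTwice;

    // Stand-in for Santa's two checks; access control omitted in this model.
    function check(address person, Status status) external {
        s_checkedOnce[person] = status;
        s_checkedTwice[person] = status;
    }

    function canCollect(address person) external view returns (bool) {
        return s_checkedOnce[person] == Status.NICE && s_checkedTwice[person] == Status.NICE;
    }
}

contract EnumDefaultTest is Test {
    address theGrinch = makeAddr("theGrinch");

    function test_UnsetSlotReadsAsFirstEnumMember() public {
        VulnerableList vulnerableList = new VulnerableList();
        assertTrue(vulnerableList.canCollect(theGrinch)); // never checked, still NICE
        FixedList fixedList = new FixedList();
        assertFalse(fixedList.canCollect(theGrinch)); // never checked, rejected
        fixedList.check(theGrinch, FixedList.Status.NICE);
        assertTrue(fixedList.canCollect(theGrinch)); // explicitly marked NICE
    }
}
```
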
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

default status is nice

In Solidity the first element of an enum is the default value. In Santa's List, this means each person is mapped by default to 'NICE'.
