Inconsistent NFT price
Summary
Vulnerability Details
The documented price for buying an NFT is 2e18, while the actual function code burns only 1e18 and The documented token reward for "extra nice" users who collect NFTs is 2e18, while the actual function code mints only 1e18 tokens. the purchased cost that was declared was not used.
Impact
This discrepancy is a critical issue, as it could lead to user dissatisfaction and a lack of trust in the platform.
Tools Used
manual review
Recommendations
Update the buyNFT function to burn 2e18 instead of 1e18. This will ensure that the price of an NFT matches the documented price.
Update the collectNFT function to mint 2e18 tokens for "extra nice" users. This will ensure that users are rewarded with the correct amount of tokens, as stated in the documentation.
Lead Judging Commences
Price is not enforced in buyPresent
This line indicates that the intended cost of presents for naughty people should be 2e18: https://github.com/Cyfrin/2023-11-Santas-List/blob/6627a6387adab89ae2ba2e82b38296723261c08a/src/SantasList.sol#L87 PURCHASE_PRESENT_COST should be implemented to enforce the cost of presents.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.