First Flight #5: Santa's List
First Flight #5
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

`2e18` should be used as present cost and not `1e18`

davide

Summary

SantaToken::mint() and SantaToken::burn() are using 1e18 respectively for the mint of the token when someone EXTRA_NICE collect the present and for burning it when someone buy the present, instead as described in the docs 2e18 should be the gift and the cost respectively.

Impact

The implementation is not respecting the documentation and as a consequence the gift is smaller and also the price to buy a present for someone NAUGHTY.

Tools Used

Manual review.

Recommendations

function mint(address to) external {
if (msg.sender != i_santasList) {
revert SantaToken__NotSantasList();
}
+ _mint(to, 2e18);
}
function burn(address from) external {
if (msg.sender != i_santasList) {
revert SantaToken__NotSantasList();
}
+ _burn(from, 2e18);
}
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Price is not enforced in buyPresent

This line indicates that the intended cost of presents for naughty people should be 2e18: https://github.com/Cyfrin/2023-11-Santas-List/blob/6627a6387adab89ae2ba2e82b38296723261c08a/src/SantasList.sol#L87 PURCHASE_PRESENT_COST should be implemented to enforce the cost of presents.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.