Submission Details
Severity: high
Valid

Everyone is `NICE` by default

Summary

By default, every address carries the NICE status and can therefore receive an NFT by calling collectPresent().

Vulnerability Details

The NICE status has the value 0 because it is the first member of the Status enum:

    enum Status {
        NICE,
        EXTRA_NICE,
        NAUGHTY,
        NOT_CHECKED_TWICE
    }

In Solidity, the mappings s_theListCheckedOnce and s_theListCheckedTwice return 0 for any address that has no entry. Every uninitialized address therefore reads as 0, i.e. NICE, and is eligible to claim an NFT via collectPresent() because the check at L154 is satisfied.
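As an added illustration (not the Santa's List code or the submitter's PoC), the contracts below reproduce the pattern from the Vulnerability Details above and the reordered enum that the Recommendations section proposes. Contract names, the `setStatus` helper and the Foundry test are assumptions; the test needs forge-std on the include path.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical minimal present list with the same defect: the first enum
// member is NICE, so an address with no mapping entry reads as NICE.
contract PresentListVulnerable {
    enum Status { NICE, EXTRA_NICE, NAUGHTY, NOT_CHECKED_TWICE }

    mapping(address => Status) public checkedOnce;
    mapping(address => Status) public checkedTwice;
    mapping(address => bool) public collected;

    error NotNice();
    error AlreadyCollected();

    function setStatus(address who, Status s) external {
        checkedOnce[who] = s;
        checkedTwice[who] = s;
    }

    // Unlisted addresses have checkedOnce == checkedTwice == 0 == NICE,
    // so the eligibility check passes for anyone.
    function collectPresent() external {
        if (collected[msg.sender]) revert AlreadyCollected();
        Status once = checkedOnce[msg.sender];
        Status twice = checkedTwice[msg.sender];
        if (!((once == Status.NICE && twice == Status.NICE) ||
              (once == Status.EXTRA_NICE && twice == Status.EXTRA_NICE))) {
            revert NotNice();
        }
        collected[msg.sender] = true;
    }
}

// Hardened variant: a sentinel member sits at index 0, so an address that was
// never checked cannot satisfy an equality test against NICE or EXTRA_NICE.
contract PresentListFixed {
    enum Status { NOT_CHECKED_TWICE, NICE, EXTRA_NICE, NAUGHTY }

    mapping(address => Status) public checkedOnce;
    mapping(address => Status) public checkedTwice;
    mapping(address => bool) public collected;

    error NotNice();
    error AlreadyCollected();

    function setStatus(address who, Status s) external {
        checkedOnce[who] = s;
        checkedTwice[who] = s;
    }

    function collectPresent() external {
        if (collected[msg.sender]) revert AlreadyCollected();
        Status once = checkedOnce[msg.sender];
        Status twice = checkedTwice[msg.sender];
        if (!((once == Status.NICE && twice == Status.NICE) ||
              (once == Status.EXTRA_NICE && twice == Status.EXTRA_NICE))) {
            revert NotNice();
        }
        collected[msg.sender] = true;
    }
}

// Foundry test showing the difference for an address that was never listed.
contract PresentListTest is Test {
    address internal user = makeAddr("user");

    function test_unlistedAddressCollects_vulnerable() public {
        PresentListVulnerable list = new PresentListVulnerable();
        vm.prank(user);
        list.collectPresent(); // succeeds: default status is NICE
        assertTrue(list.collected(user));
    }

    function test_unlistedAddressReverts_fixed() public {
        PresentListFixed list = new PresentListFixed();
        vm.prank(user);
        vm.expectRevert(PresentListFixed.NotNice.selector);
        list.collectPresent(); // reverts: default status is the sentinel
        assertFalse(list.collected(user));
    }

    function test_listedAddressCollects_fixed() public {
        PresentListFixed list = new PresentListFixed();
        list.setStatus(user, PresentListFixed.Status.NICE);
        vm.prank(user);
        list.collectPresent();
        assertTrue(list.collected(user));
    }
}
```

Run with `forge test` from a project that has forge-std installed. The only difference between the two contracts is the position of the sentinel in the enum; the eligibility check itself is unchanged, which is why the fix is purely a declaration-order change.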

PoC

    function test_t0x1c_collectPresentAnyone() public {
        // Move past the claim start time so collectPresent() is open
        vm.warp(santasList.CHRISTMAS_2023_BLOCK_TIME() + 1);
        // `user` was never added to either list by Santa
        vm.startPrank(user);
        santasList.collectPresent();
        // The unlisted user nevertheless receives an NFT
        assertEq(santasList.balanceOf(user), 1);
        vm.stopPrank();
    }

Impact

Anyone in the world can call collectPresent() and receive an NFT unless Santa has explicitly marked them as NAUGHTY or NOT_CHECKED_TWICE.

Tools Used

Foundry

Recommendations

Change the order of the enum members so that the default status is NOT_CHECKED_TWICE (NAUGHTY is also an option, and matches the error message on L165 more closely):

enum Status {
+ NOT_CHECKED_TWICE
NICE,
EXTRA_NICE,
NAUGHTY,
- NOT_CHECKED_TWICE
}
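Review bot: the added line `+ NOT_CHECKED_TWICE` needs a trailing comma, since `NICE,` follows it; as written the enum does not compile. With the last member removed, `NAUGHTY,` also keeps a trailing comma, which Solidity does not accept in enum declarations, so the block should read `NOT_CHECKED_TWICE,` / `NICE,` / `EXTRA_NICE,` / `NAUGHTY`. Worth stating in the recommendation as well: reordering renumbers every existing member (NICE becomes 1, and so on), so any status values already written to storage or consumed off-chain by their numeric value would be reinterpreted; this suits a fresh deployment rather than an upgrade of a live contract.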
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

default status is nice

In Solidity the first element of an enum is the default value. In Santa's List, this means each person is mapped by default to 'NICE'.
