Submission Details
Severity: medium
Invalid

User can buyPresent without approving the "SantasList" contract

Summary

The "buyPresent" function in the "SantasList" contract can be called without first approving the contract, even though the documentation states that approval is required.

Vulnerability Details

Adding the following test to SantasListTest.t.sol and running it passes:

function testBuyPresentWithoutApprove() public {
    vm.startPrank(santa);
    santasList.checkList(user, SantasList.Status.EXTRA_NICE);
    santasList.checkTwice(user, SantasList.Status.EXTRA_NICE);
    vm.stopPrank();
    vm.warp(santasList.CHRISTMAS_2023_BLOCK_TIME() + 1);
    vm.startPrank(user);
    santasList.collectPresent();
    // approve was not called before buying a present
    santasList.buyPresent(user);
    // the user bought a present for himself successfully
    assertEq(santasList.balanceOf(user), 2);
    assertEq(santaToken.balanceOf(user), 0);
    vm.stopPrank();
}

Impact

The "buyPresent" function does not behave as the documentation describes: a user can buy a present without ever approving the "SantasList" contract.

Tools Used

Manual inspection & Foundry testing

Recommendations

If you want the "buyPresent" function to work only when approve has been called, make the following changes to the function:

function buyPresent(address presentReceiver) external {
    // pull the tokens into the contract first;
    // transferFrom succeeds only if msg.sender has approved this contract
    // for at least PURCHASED_PRESENT_COST (the present price constant in SantasList)
    i_santaToken.transferFrom(msg.sender, address(this), PURCHASED_PRESENT_COST);
    // burn the tokens now held by the contract, then mint the present
    i_santaToken.burn(address(this));
    _mintAndIncrement();
}

OR

You can change the "burn" function in the "SantaToken.sol" contract so that it checks that the given user's allowance for "SantasList" is sufficient
and subtracts as many tokens from the allowance as are burnt.
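The following Foundry tests are an added example (not part of the original submission or the Santa's List code base) that pin down the intended behaviour once "buyPresent" pulls tokens via transferFrom as recommended above. They assume the same fixtures as the test in this report (santa, user, santasList, santaToken) and that SantasList exposes PURCHASED_PRESENT_COST as the present price.

```solidity
// Shared setup: mark the user EXTRA_NICE and let them collect the free present,
// which also gives them SantaToken to spend on a purchased present.
function _collectAsExtraNice() internal {
    vm.startPrank(santa);
    santasList.checkList(user, SantasList.Status.EXTRA_NICE);
    santasList.checkTwice(user, SantasList.Status.EXTRA_NICE);
    vm.stopPrank();
    vm.warp(santasList.CHRISTMAS_2023_BLOCK_TIME() + 1);
    vm.prank(user);
    santasList.collectPresent();
}

// Negative case: with the transferFrom-based fix, buying without approve must revert
// and must leave both the NFT and the token balance untouched.
function testBuyPresentRevertsWithoutApprove() public {
    _collectAsExtraNice();
    uint256 tokensBefore = santaToken.balanceOf(user);
    vm.startPrank(user);
    vm.expectRevert(); // allowance for SantasList is zero, so transferFrom fails
    santasList.buyPresent(user);
    vm.stopPrank();
    assertEq(santasList.balanceOf(user), 1);
    assertEq(santaToken.balanceOf(user), tokensBefore);
}

// Positive case: after approving exactly the present price, the purchase succeeds,
// the tokens are burnt and the allowance is fully consumed.
function testBuyPresentSucceedsAfterApprove() public {
    _collectAsExtraNice();
    uint256 cost = santasList.PURCHASED_PRESENT_COST();
    vm.startPrank(user);
    santaToken.approve(address(santasList), cost);
    santasList.buyPresent(user);
    vm.stopPrank();
    assertEq(santasList.balanceOf(user), 2);
    assertEq(santaToken.balanceOf(user), 0);
    // a second purchase would need a fresh approve
    assertEq(santaToken.allowance(user, address(santasList)), 0);
}
```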

Updates

Lead Judging Commences

inallhonesty Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Other
