Unutilized 'PURCHASED_PRESENT_COST' Constant in 'SantasList' Contract
Summary
The SantasList contract declares a constant PURCHASED_PRESENT_COST set to 2e18, but this value is never utilized in the contract's logic.
Vulnerability Details
The constant PURCHASED_PRESENT_COST in SantasList.sol is defined to presumably represent the cost of purchasing presents with SantaTokens. However, it was never used. I suspect that it should be use for minting and burning in the "SantaToken" contract.
Impact
The unused constant may lead to confusion about the contract's intended functionality. It suggests a token cost for certain actions which, in practice, are not enforced or referenced within the contract's logic.
Tools Used
Manual inspection
Recommendations
Clarify the intended use of PURCHASED_PRESENT_COST. If it is meant to represent the cost for purchasing presents, integrate it appropriately into the contract's logic. If it is not needed, consider removing the constant to avoid confusion.
Lead Judging Commences
Price is not enforced in buyPresent
This line indicates that the intended cost of presents for naughty people should be 2e18: https://github.com/Cyfrin/2023-11-Santas-List/blob/6627a6387adab89ae2ba2e82b38296723261c08a/src/SantasList.sol#L87 PURCHASE_PRESENT_COST should be implemented to enforce the cost of presents.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.