Enum default assigns first value to all users
Summary
The default value of enums assign it's first member to all users. The enum in santalist.sol declare Nice as it's first member which will automatically set all users to Nice.
Vulnerability Details
Every users will have their status set to Nice but as long as santa list did not check them in the second time, they won't be able to perform any action with that NICE attribute but this does not follow the intention of the team as it was stated in the docs that santa must check them twice before they can be eligible for the present, so making a known attribute the default value go against the team intention.
Impact
Users Automatically get an Attribute they are suppose to earn or be checked in for without having to do anything
POC
Run the test above in santaList.t.sol --mt testCheckListWithouctFunctioncall t see it pass Automatically with the call trace below
the return value of the call traces above is 0 which is the representation of the first Item of an enum in this case Nice.
Tools Used
manual review, foundry
Recommendations
The enum members did not follow what was stated in the docs completely, it is recommended for the team to follow what was written in the docs by making the changes below.
removing `NOT_CHECKED_TWICE as it was not part of the members stated in the docs which was not use anywhere in the smart contract and making the enum default value to be UNKNOWN as a user character cannot be determine untill it is confirmed what attribute such user possessed.
Lead Judging Commences
default status is nice
In Solidity the first element of an enum is the default value. In Santa's List, the means each person is mapped by default to 'NICE'.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.