First Flight #5: Santa's List
First Flight #5
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

collectPresent() can be called at anytime after christmas

Mj0ln1r

Summary

The christmas present should only be collected with 24 hours before or after christmas. But the present can be minted at anytime after christmas.

Vulnerability Details

Documenation mentioned that "The Christmas date is approximate, if it's more then 24 hours before or after Christmas, please report that. Otherwise, it's OK."

The collectPresent() has only checked that the present cannot be collected before the christmas. But hasn't checked in the case of after christmas collection.

function collectPresent() external {
if (block.timestamp < CHRISTMAS_2023_BLOCK_TIME) {
revert SantasList__NotChristmasYet();
}
if (balanceOf(msg.sender) > 0) {
revert SantasList__AlreadyCollected();
}
if (s_theListCheckedOnce[msg.sender] == Status.NICE && s_theListCheckedTwice[msg.sender] == Status.NICE) {
_mintAndIncrement();
return;
} else if (
s_theListCheckedOnce[msg.sender] == Status.EXTRA_NICE
&& s_theListCheckedTwice[msg.sender] == Status.EXTRA_NICE
) {
_mintAndIncrement();
i_santaToken.mint(msg.sender);
return;
}
revert SantasList__NotNice();
}

uint256 public constant CHRISTMAS_2023_BLOCK_TIME = 1_703_480_381;
The UTC time for this epoch is : Monday, 25 December 2023 04:59:41 .
The present can only be collected after approx 5 hours after the christmas arrived. But it can be collectable at anytime after Christmas. As there is no check for the after christmas case.

Impact

The impact of this vulnerability is that the intended use of the protocol is not acquired.

Proof Of Code :

function testCollectPresentNiceAfterChristmas() public {
vm.startPrank(santa);
santasList.checkList(user, SantasList.Status.NICE);
santasList.checkTwice(user, SantasList.Status.NICE);
vm.stopPrank();
vm.warp(1703900189); // Saturday, 30 December 2023 01:36:29
vm.startPrank(user);
santasList.collectPresent();
assertEq(santasList.balanceOf(user), 1);
vm.stopPrank();
}

Add this test to SantasListTest.t.sol and run forge test --mt testCollectPresentNiceAfterChristmas to test.
You can observe that the present is collectable at Saturday, 30 December 2023 01:36:29.

Tools Used

Manual Review

Recommendations

Include check for the after 24 hours of christmas.

function collectPresent() external {
- if (block.timestamp < CHRISTMAS_2023_BLOCK_TIME) {
+ if (block.timestamp < CHRISTMAS_2023_BLOCK_TIME && block.timestamp > 1703554589 ) {
revert SantasList__NotChristmasYet();
}
if (balanceOf(msg.sender) > 0) {
revert SantasList__AlreadyCollected();
}
if (s_theListCheckedOnce[msg.sender] == Status.NICE && s_theListCheckedTwice[msg.sender] == Status.NICE) {
_mintAndIncrement();
return;
} else if (
s_theListCheckedOnce[msg.sender] == Status.EXTRA_NICE
&& s_theListCheckedTwice[msg.sender] == Status.EXTRA_NICE
) {
_mintAndIncrement();
i_santaToken.mint(msg.sender);
return;
}
revert SantasList__NotNice();
}
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

collectPresent is callable after Christmas

check on block.timestamp only requires that christmas has arrived. The protocol explicitly states that after christmas has passed (give or take 24 hours) collecting shouldn't be possible.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.