Solidity Contract - Inconsistent state for minted horses
Summary
The function to feedHorse does not have any constraints, therefore it is possible to feed a horse that has not yet been minted.
If we are to assume by the contract description that a horse which has not been fed is not happy, and that a newly minted horse
has not been fed, then a new horse, should be minted in a not happy state. Once the newly minted horse is fed, the horse should
be happy for 1 day after feeding.
Vulnerability Details
it should not be the case that two horses newly minted should have inconsistent states, i.e. one is happy and one is not
happy. We can show that a newly minted horse is not happy, while another newly minted horse is happy, by calling the feedHorse()
function for the second horse, before it has been minted. This is effectively feeding an imaginary horse, which has an effect, post
minting. This is an unexpected behavior observed from the contract as written.
Impact
Moderate
Tools Used
Foundry
Recommendations
Add a check to the feedHorse() function to check if a horse has an owner before allowing the horse to be fed:
require(horseStore.ownerOf(horseId) != address(0))
Lead Judging Commences
Nonexistent horses can be fed
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.