The feedHorse
function lacks input validation, allowing anyone to feed any horse without checking ownership. This could lead to unintended consequences, such as manipulating the feeding timestamp of horses that don't belong to the caller.
Manual code analysis
To address the lack of input validation in feedHorse()
, ensure that the caller is the owner of the horse before allowing them to feed it. By adding a require
statement to check ownership, you prevent unauthorized feeding of horses that don't belong to the caller.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.