Submission Details
Severity: low
Invalid

The `feedHorse` function lacks access control, allowing anyone to feed any horse without verifying permissions

Vulnerability Report: Lack of Access Control in feedHorse()

Impact

The feedHorse function lacks access control, allowing anyone to feed any horse without verifying permissions. This could lead to unintended feeding of horses, potentially disrupting the intended behavior of the contract.

Proof of Concept

// In IHorseStore.sol
// Original existing code snippet in feedHorse()
function feedHorse(uint256 horseId) external;

Tools Used

  • Manual code analysis

Recommendation

To mitigate the lack of access control in feedHorse(), ensure that the caller is either the owner or an approved address for the specified horse. Adding a require statement to check ownership or approval helps prevent unauthorized feeding of horses.
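One way the recommended owner-or-approved check could look, as an added example that is not the contest's HorseStore code. The contract name, storage layout and every function other than `feedHorse` are assumptions made so the snippet compiles on its own without external imports.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only: a minimal stand-in for an NFT horse registry.
/// Every name except feedHorse is hypothetical, not taken from the audited code.
contract GatedHorseFeeder {
    uint256 public nextHorseId;
    mapping(uint256 => address) public ownerOf;      // horseId => owner
    mapping(uint256 => address) public getApproved;  // horseId => single approved address
    mapping(address => mapping(address => bool)) public isApprovedForAll; // owner => operator => allowed
    mapping(uint256 => uint256) public lastFedAt;    // horseId => block timestamp of last feed

    function mintHorse() external returns (uint256 horseId) {
        horseId = nextHorseId++;
        ownerOf[horseId] = msg.sender;
    }

    /// Per-horse approval; only the current owner may set it.
    function approve(address approved, uint256 horseId) external {
        require(ownerOf[horseId] == msg.sender, "not horse owner");
        getApproved[horseId] = approved;
    }

    /// Blanket approval covering every horse the caller owns.
    function setApprovalForAll(address operator, bool allowed) external {
        isApprovedForAll[msg.sender][operator] = allowed;
    }

    /// Feeding is limited to the owner, the approved address, or an operator.
    function feedHorse(uint256 horseId) external {
        address owner = ownerOf[horseId];
        // An unminted id has no owner to compare against, so reject it first.
        require(owner != address(0), "horse does not exist");
        require(
            msg.sender == owner ||
                msg.sender == getApproved[horseId] ||
                isApprovedForAll[owner][msg.sender],
            "caller is not owner nor approved"
        );
        lastFedAt[horseId] = block.timestamp;
    }
}
```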

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
