Beginner FriendlyFoundryNFT
100 EXP
View results
Submission Details
Severity: low
Valid

Feed inexistent horse

Summary

Calling feedHorse is allowed with an inexistent horseId.

Vulnerability Details

The function feedHorse does not check if the horseId has been already minted and allows further functionality like isHappyHorse to be used.

Impact

Impact is high since the contract functionality can be used without an existing horse NFT.

Tools Used

Manual review

Recommendations

Revert if the horseId is missing. Something like:

if (horseId >= totalSupply()) {
revert MissingHorseId();
}
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Nonexistent horses can be fed

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.