First Flight #7: Horse Store
First Flight #7
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

Missing checks for existance of specific `horseId` in functions `HorseStore::feedhorse` and `HorseStore::isHappyHorse`

paprikrumplikas

Summary

In functions HorseStore::feedhorse and HorseStore::isHappyHorse, it is not checked whether the horseId provided to these functions as an input parameter actually exists (i.e. whether a horse with that horseId has been minted yet or not).

Vulnerability Details

Consider the following series of steps:

  1. horseId=X does not exist yet, but the HorseStore::feedhorse is called on it,

  2. Horse with horseId=X is minted immediately after step 1.

  3. Happyness of horseId=X is queired with HorseStore::isHappyHorse, and the query will return true` even though the horse has never been actually fed.

function test_neverFedHorseAppearsHappy() public {
uint256 horseId = horseStore.totalSupply();
console2.log(horseStore.isHappyHorse(horseId));
horseStore.feedHorse(horseId);
console2.log(horseStore.isHappyHorse(horseId));
vm.prank(user);
horseStore.mintHorse();
console2.log(horseStore.isHappyHorse(horseId));
}

Impact

The information about fed status provided by the protocol becomes unreliable.

Tools Used

Manual review.

Recommendations

Implement a check in the very beginning of both the HorseStore::feedhorseand theHorseStore::isHappyHorse` functions.

require(horseId < totalSupply());
Updates

Lead Judging Commences

inallhonesty Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

Nonexistent horses can be fed

paprikrumplikas Submitter
almost 2 years ago
inallhonesty Lead Judge
almost 2 years ago
inallhonesty Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

Nonexistent horses can be fed

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.