There is a logical issue in the feedHorse(uint256 horseId)
function, where it currently allows feeding of horses that may not have been minted yet. This oversight could lead to inconsistencies and unexpected behavior within the contract's state.
The feedHorse
function updates the horseIdToFedTimeStamp
mapping to record the last time a horse was fed. However, this function does not verify whether the horseId
provided corresponds to a horse that has been minted and exists within the contract. As a result, it is possible to feed a horse that doesn't exist (i.e., a horse with an ID that has not been minted yet).
This logical flaw could lead to several issues:
It allows users to interact with non-existent NFTs, leading to a state where the contract records and acts upon invalid data.
It may cause confusion and potentially impact the integrity of the game mechanics, especially if the state of unminted horses is queried or utilized in other functions or external contracts.
Manual revision
To address this issue, implement a check in the feedHorse
function to ensure that the horse has been minted before allowing it to be fed. This can be achieved by comparing the horseId
against the totalSupply()
of the contract, as totalSupply()
indicates the number of horses minted so far. Here is a suggested modification:
This change ensures that the feedHorse
function will only execute if the horseId is valid (i.e., the horse has been minted). It uses totalSupply()
as a reference since the mintHorse
function mints horses sequentially starting from 0. This check will prevent users from interacting with non-existent horses and help maintain the integrity and intended functionality of the contract.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.