Beginner Friendly, Foundry, NFT
Submission Details
Severity: low
Valid

Any horse can be fed, even if it has not been minted

Summary

The `horseIdToFedTimeStamp` mapping allows anybody to feed any horse, even one that has not been minted.

Vulnerability Details

The `feedHorse()` function has no check that prevents unminted horses from being fed.

Impact

Malfunction of the protocol. Horses that have not been minted should not be fed.

Tools Used

Test this function with Foundry:

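```solidity
// Proof of concept: feeds IDs 0 and 15 without minting them first
function testMintedHorse() public {
    vm.warp(5 days);
    horseStore.feedHorse(0);
    horseStore.feedHorse(15);
    // Both unminted IDs are reported as happy after being fed
    assertEq(horseStore.isHappyHorse(0), true);
    assertEq(horseStore.isHappyHorse(15), true);
}
```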
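As an added example (not part of the submission or the project's code), the file below puts the unchecked write next to a guarded variant and tests that an unminted ID is accepted by the first and rejected by the second. `MiniHorseStore`, `minted`, `feedHorseUnchecked`, `feedHorseChecked` and the revert message are hypothetical names, and minting is reduced to a counter. It is written without forge-std so it compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical stand-in for the contract in this finding; not the project's code.
contract MiniHorseStore {
    uint256 public minted; // next ID to mint; IDs 0..minted-1 exist
    mapping(uint256 => uint256) public horseIdToFedTimeStamp;

    // Stand-in for the ERC-721 mint: only counts the IDs handed out.
    function mintHorse() external {
        minted++;
    }

    // Behaviour described in the finding: any ID is accepted.
    function feedHorseUnchecked(uint256 horseId) external {
        horseIdToFedTimeStamp[horseId] = block.timestamp;
    }

    // Guarded variant: reject IDs that were never minted.
    function feedHorseChecked(uint256 horseId) external {
        require(horseId < minted, "horse not minted");
        horseIdToFedTimeStamp[horseId] = block.timestamp;
    }
}

// Test functions in the Foundry naming style (test*); a revert fails the test.
contract MiniHorseStoreTest {
    MiniHorseStore store = new MiniHorseStore();

    function testUncheckedAcceptsUnmintedId() public {
        store.feedHorseUnchecked(15); // nothing has been minted
        require(store.horseIdToFedTimeStamp(15) == block.timestamp, "not recorded");
    }

    function testCheckedRejectsUnmintedId() public {
        try store.feedHorseChecked(15) {
            revert("unminted horse was fed");
        } catch Error(string memory reason) {
            require(keccak256(bytes(reason)) == keccak256("horse not minted"), "wrong reason");
        }
        require(store.horseIdToFedTimeStamp(15) == 0, "state changed");
    }

    function testCheckedAcceptsMintedId() public {
        store.mintHorse();
        store.feedHorseChecked(0);
        require(store.horseIdToFedTimeStamp(0) == block.timestamp, "not recorded");
    }
}
```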

Recommendations

Add a state variable that keeps the number of minted horses, and a check which makes sure the horse has been minted before feeding it. Minting a horse should also increase this variable:

```diff
+uint256 public mintedHorses;
.
.
.
function mintHorse() external {
_safeMint(msg.sender, totalSupply());

  •  mintedHorses++;
    

    }
    .
    .
    .
    function feedHorse(uint256 horseId) external {

  •  require(horseId < mintedHorses, "This horse has not been minted yet); 
      horseIdToFedTimeStamp[horseId] = block.timestamp;
    

    }

```
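Review bot: the `require` line added to `feedHorse` has an unterminated string literal (`"This horse has not been minted yet);` lacks the closing quote before `)`), so the snippet does not compile as written; close the string. In addition, `mintHorse` already passes `totalSupply()` as the new token ID, so as long as tokens are never burned the new `mintedHorses` counter holds the same value, and the check could read `horseId < totalSupply()` without adding a state variable.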

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Nonexistent horses can be fed
