The MINT_HORSE
macro in HuffStore.huff contract has a vulnerability that restricts users from minting more than one horse. The macro or associated _MINT
function contains logic preventing unlimited minting, contrary to the intended behavior.
The MINT_HORSE
macro in HuffStore.huff contains logic that restricts users to minting only one horse. This limitation is not aligned with the project requirements, where users should be allowed to mint an unlimited number of horses.
Code snippet:
The impact of this issue is significant as it directly contradicts the project requirements. Users are unable to mint more than one horse, leading to a deviation from the expected behavior. This limitation may affect user experience and hinder the project's functionality.
Copy the below test
Run it via forge test --match-test testUserCannotMintUnlimitedInHuff -vvv
and you will see the below result
Result:
Also, digging more into this. It seems like the total supply is NOT increasing. Run the below test for proof;
Manual review.
Update Minting Logic:
Revise the logic within the _MINT
function or the MINT_HORSE
macro to allow users to mint an unlimited number of horses.
Verify TOTAL_SUPPLY Handling:
Ensure that the handling of TOTAL_SUPPLY
is appropriately implemented and does not unintentionally restrict minting.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.