Summary
Lack of checks, allowing horses to be fed even if they haven't been minted, making them happy
Vulnerability Details
Add this test to Base_Test.t.sol
and run forge test --mt testFeedUnmintedHorse -vvvv
to validate the issue
function testFeedUnmintedHorse() public {
uint unmintedHorseId = 666;
vm.warp(horseStore.HORSE_HAPPY_IF_FED_WITHIN());
horseStore.feedHorse(unmintedHorseId);
vm.expectRevert();
horseStore.ownerOf(unmintedHorseId);
assertTrue(horseStore.isHappyHorse(unmintedHorseId));
}
Partial output
[PASS] testFeedUnmintedHorse() (gas: 36805)
Traces:
[36805] HorseStoreSolidity::testFeedUnmintedHorse()
├─ [283] HorseStore::HORSE_HAPPY_IF_FED_WITHIN() [staticcall]
│ └─ ← 86400 [8.64e4]
├─ [0] VM::warp(86400 [8.64e4])
│ └─ ← ()
├─ [22446] HorseStore::feedHorse(666)
│ └─ ← ()
├─ [0] VM::expectRevert(custom error f4844814:)
│ └─ ← ()
├─ [2561] HorseStore::ownerOf(666) [staticcall]
│ └─ ← ERC721NonexistentToken(666)
├─ [568] HorseStore::isHappyHorse(666) [staticcall]
│ └─ ← true
└─ ← ()
Impact
Incomprehensible happiness
Tools Used
manual inspection
Recommendations
Add a check in the feedHorse()
function to verify whether the horse has been minted; if not, feeding should not be allowed