Submission Details
Severity:
Unminted horses can also be fed
Summary
Lack of checks, allowing horses to be fed even if they haven't been minted, making them happy
Vulnerability Details
Add this test to Base_Test.t.sol and run forge test --mt testFeedUnmintedHorse -vvvv to validate the issue
function testFeedUnmintedHorse() public {
uint unmintedHorseId = 666;
vm.warp(horseStore.HORSE_HAPPY_IF_FED_WITHIN());
horseStore.feedHorse(unmintedHorseId);
//not minted, should revert
vm.expectRevert();
horseStore.ownerOf(unmintedHorseId);
assertTrue(horseStore.isHappyHorse(unmintedHorseId));
}
Partial output
[PASS] testFeedUnmintedHorse() (gas: 36805)
Traces:
[36805] HorseStoreSolidity::testFeedUnmintedHorse()
├─ [283] HorseStore::HORSE_HAPPY_IF_FED_WITHIN() [staticcall]
│ └─ ← 86400 [8.64e4]
├─ [0] VM::warp(86400 [8.64e4])
│ └─ ← ()
├─ [22446] HorseStore::feedHorse(666)
│ └─ ← ()
├─ [0] VM::expectRevert(custom error f4844814:)
│ └─ ← ()
├─ [2561] HorseStore::ownerOf(666) [staticcall]
│ └─ ← ERC721NonexistentToken(666)
├─ [568] HorseStore::isHappyHorse(666) [staticcall]
│ └─ ← true
└─ ← ()
Impact
Incomprehensible happiness
Tools Used
manual inspection
Recommendations
Add a check in the feedHorse() function to verify whether the horse has been minted; if not, feeding should not be allowed
Updates
Lead Judging Commences
inallhonesty over 1 year ago
Submission Judgement Published Assigned finding tags:
Nonexistent horses can be fed
Rewards breakdown
nSLOC
460This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.