First Flight #7: Horse Store
First Flight #7
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

`HorseStore.sol::feedHorse` and `HorseStore.huff::feedHorse` do not check whether the corresponding horse has already been minted, making possible to feed a horse before it exists.

glitchr

Description

According to the documentation, the feedhorse function should allow anyone to feed a horse NFT. However, the timestamp coreesponding to the horseId parameter is updated even if the horseId NFT does not exist (not minted yet).

Impact

Non existing horse NFT can be fed, which seems to break the idea of an NFT.

Since the feedHorse transacation does not revert in this case, the user will not be informed that the horse NFT he fed does not exist.

Newly minted horse will potentially be already fed and be in the happy state.

Proof of concept

Feeding non existing horse does not revert

function testCantFeedHorseBeforeMinted() public {
uint256 timestampFed = 10000000;
vm.warp(timestampFed);
vm.roll(timestampFed);
uint256 horseId = horseStore.totalSupply();
vm.expectRevert();
horseStore.feedHorse(horseId);
}

Newly minted horse NFT is potentially happy if it was fed before it exists

function testNewlyMintedHorseAlwaysUnhappy() public {
uint256 timestampFed = 10000000;
vm.warp(timestampFed);
vm.roll(timestampFed);
uint256 horseId = horseStore.totalSupply();
vm.expectRevert();
horseStore.feedHorse(horseId);
vm.prank(user);
horseStore.mintHorse();
assertEq(horseStore.isHappyHorse(horseId), false);
}

Recommended mitigation

In both HorseStore.sol and HorseStore.huff, feedHorse should revert if there is no owner registered for the horseId parameter.

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Nonexistent horses can be fed

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.