Submission Details
Severity: high
Invalid

Rapper Stats Will Return Strong Stats for Non-existing Rapper

Description

OneShot::getRapperStats lets anyone retrieve the stats of a rapper. However, it doesn't check whether the rapper exists, so for a non-existing rapper it returns default values, and for the first three attributes the default value false represents a stronger rapper. Since the challenger in a battle doesn't have to transfer their rapper, no further check prevents the challenger from choosing a non-existing rapper.

function getRapperStats(
    uint256 tokenId
) public view returns (RapperStats memory) {
    // @> no check that the rapper (tokenId) exists
    return rapperStats[tokenId];
}

Impact

Likelihood: High

  • For every non-existing rapper.

Impact: High

  • In every battle, a challenger can choose a non-existing rapper and so get a rapper stronger than a new one without waiting.

Proof of Concept

Foundry PoC to add in
function testGetUnexistingRapperStats() public {
    IOneShot.RapperStats memory unexistingStats = oneShot.getRapperStats(0);
    // These three assertions fail:
    // a non-existing rapper has better characteristics than a new one
    assertTrue(unexistingStats.weakKnees);
    assertTrue(unexistingStats.spaghettiSweater);
    assertTrue(unexistingStats.heavyArms);
    // This assertion succeeds
    assertFalse(unexistingStats.calmAndReady);
}
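
The default-value read that the PoC observes, next to a checked getter and a caller-side guard, as an added example that is not the OneShot source. The contract name, the owners mapping, the custom errors, getRapperStatsUnchecked, statsForChallenger and the choice to start ids at 1 are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: a minimal stand-in for the NFT contract, not the OneShot code.
// Every name except getRapperStats and the RapperStats fields is hypothetical.
contract RapperStatsExample {
    struct RapperStats {
        bool weakKnees;
        bool spaghettiSweater;
        bool heavyArms;
        bool calmAndReady;
    }

    error RapperDoesNotExist(uint256 tokenId);
    error NotRapperOwner(uint256 tokenId, address caller);

    mapping(uint256 => address) private owners; // address(0) means "never minted"
    mapping(uint256 => RapperStats) private rapperStats;
    uint256 private nextTokenId = 1; // assumption of this example: ids start at 1

    // A new rapper starts with the three weaknesses set, as the PoC implies.
    function mint() external returns (uint256 tokenId) {
        tokenId = nextTokenId++;
        owners[tokenId] = msg.sender;
        rapperStats[tokenId] = RapperStats({
            weakKnees: true, spaghettiSweater: true, heavyArms: true, calmAndReady: false
        });
    }

    // Before: an unminted id reads empty storage, so every flag comes back false.
    function getRapperStatsUnchecked(uint256 tokenId) external view returns (RapperStats memory) {
        return rapperStats[tokenId];
    }

    // After: existence is checked first and the revert names the offending id.
    function getRapperStats(uint256 tokenId) public view returns (RapperStats memory) {
        if (owners[tokenId] == address(0)) revert RapperDoesNotExist(tokenId);
        return rapperStats[tokenId];
    }

    // Guard for code that uses stats without taking custody of the token:
    // the id must exist and must belong to the caller.
    function statsForChallenger(uint256 tokenId) external view returns (RapperStats memory) {
        RapperStats memory stats = getRapperStats(tokenId); // reverts if unminted
        if (owners[tokenId] != msg.sender) revert NotRapperOwner(tokenId, msg.sender);
        return stats;
    }
}
```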

Recommended Mitigation

Revert if the rapper doesn't exist.

function getRapperStats(
uint256 tokenId
) public view returns (RapperStats memory) {
+ require(ownerOf(tokenId) != address(0));
return rapperStats[tokenId];
}
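
Review bot: the `require` on the added line carries no revert reason, and its `!= address(0)` comparison only does work if `ownerOf` returns the zero address for an unminted id. ERC-721 specifies that `ownerOf` throws for tokens assigned to the zero address, so on a compliant implementation the call reverts by itself and the comparison is never false. Consider calling `ownerOf(tokenId)` (or the token contract's own existence check) without the comparison, adding a descriptive error so callers can tell a missing rapper from other failures, and adding a test that expects `getRapperStats` to revert for an unminted id.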
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
