First Flight #9: Soulmate

First Flight #9

Beginner FriendlyFoundryNFT

100 EXP

View results

Previous Next

Submission Details

Severity: low

Invalid

Anyone can read the message of soulmates with id eqaul to 0.

dimah7

Summary

uint256 nextID variable declared in the Soulmate.sol has a default value of 0. This allows any address that calls readMessageInSharedSpace function to able to read the messages of soulmates with id of 0, due to the code implementation of both writeMessageInSharedSpace and readMessageInSharedSpace functions, as shown below:

@> /// @notice Allows any soulmates with the same NFT ID to write in a shared space on blockchain.

/// @param message The message to write in the shared space.

function writeMessageInSharedSpace(string calldata message) external {

uint256 id = ownerToId[msg.sender];

@> sharedSpace[id] = message;

emit MessageWrittenInSharedSpace(id, message);

}

@> /// @notice Allows any soulmates with the same NFT ID to read in a shared space on blockchain.

function readMessageInSharedSpace() external view returns (string memory) {

// Add a little touch of romantism

return

string.concat(

@> sharedSpace[ownerToId[msg.sender]],

", ",

niceWords[block.timestamp % niceWords.length]

);

}

Vulnerability Details

Add the following in the Soulmate.t.sol file:

Code here:

function test_WriteAndReadSharedSpace() public {

// mints the soulmate token

_mintOneTokenForBothSoulmates();

assertTrue(soulmateContract.totalSupply() == 1);

// sends a message

vm.prank(soulmate1);

soulmateContract.writeMessageInSharedSpace("Want to meet Patrick");

// vm.prank(soulmate2);

// string memory message = soulmateContract.readMessageInSharedSpace();

// instead another user reads it

address insolentUser = makeAddr("soulmate 3");

vm.prank(insolentUser);

string memory returnedMessage = soulmateContract.readMessageInSharedSpace();

string[4] memory possibleMessages = [

"Want to meet Patrick, sweetheart",

"Want to meet Patrick, darling",

"Want to meet Patrick, my dear",

"Want to meet Patrick, honey"

];

bool found;

for (uint i; i < possibleMessages.length; i++) {

if (compare(possibleMessages[i], returnedMessage)) {

found = true;

break;

}

console2.log(returnedMessage);

assertTrue(found);

}

Impact

Low: Since it has minimal to no impact on the protocol's functionality.

Tools Used

Manual Review

Recommendations

Assign the nextID variable to a non-default value:

- uint256 private nextID;

+ uint256 private constant nextID = 1;

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

233

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.