Summary
In `Airdrop.sol::claim`, the check that is meant to block divorced soulmates from claiming does not work: the address that calls `isDivorced()` is the Airdrop.sol contract itself, not the `msg.sender` of `claim()`.
Vulnerability Details
`isDivorced()` looks up the divorce status of its own `msg.sender`. When `claim()` makes the call, that `msg.sender` is the Airdrop.sol contract and not the account that called `claim()`, so the call will always return false.
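The caller shift described above, reduced to a minimal pair of contracts. This is an added illustration, not code from the audited repository: `SoulmateStub`, `AirdropStub`, `Demo`, `originalCheck` and `fixedCheck` are constructed names, and the stub models only the divorce flag.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed stand-in for Soulmate.sol: only the divorce flag is modelled.
contract SoulmateStub {
    mapping(address => bool) private divorced;

    function getDivorced() external { divorced[msg.sender] = true; }

    // Original shape: the lookup key is whoever called *this* contract.
    function isDivorced() external view returns (bool) {
        return divorced[msg.sender];
    }

    // Recommended shape: the lookup key is supplied by the caller.
    function isDivorcedCheck(address who) external view returns (bool) {
        return divorced[who];
    }
}

// Constructed stand-in for Airdrop.sol: exposes both checks side by side.
contract AirdropStub {
    SoulmateStub public immutable soulmate;

    constructor(SoulmateStub soulmate_) { soulmate = soulmate_; }

    // External call: inside SoulmateStub, msg.sender is address(this),
    // so this reads divorced[address(AirdropStub)], not the claimer's flag.
    function originalCheck() external view returns (bool) {
        return soulmate.isDivorced();
    }

    // The claimer's address is forwarded explicitly, so the claimer's flag is read.
    function fixedCheck() external view returns (bool) {
        return soulmate.isDivorcedCheck(msg.sender);
    }
}

// Plays the divorced soulmate and reports what each check sees for it.
contract Demo {
    function run() external returns (bool viaOriginal, bool viaFixed) {
        SoulmateStub soulmate = new SoulmateStub();
        AirdropStub airdrop = new AirdropStub(soulmate);
        soulmate.getDivorced(); // msg.sender is this Demo contract
        viaOriginal = airdrop.originalCheck();
        viaFixed = airdrop.fixedCheck();
    }
}
```

Calling `Demo.run()` yields `viaOriginal == false` and `viaFixed == true`, even though the same account divorced in both cases.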
Impact
The following test passes, showing that a divorced soulmate can still claim from Airdrop.sol:
    // Helper: soulmate1 files for divorce, then queries their own status.
    function _divorceSoulmates() internal {
        vm.prank(soulmate1);
        soulmateContract.getDivorced();
        vm.prank(soulmate1);
        soulmateContract.isDivorced();
    }

    function test_ClaimWhenDivorced() public {
        _mintOneTokenForBothSoulmates();

        // A claim before the time warp is expected to revert.
        vm.prank(soulmate1);
        vm.expectRevert();
        airdropContract.claim();

        vm.warp(block.timestamp + 200 days + 1 seconds);
        _divorceSoulmates();

        // Both soulmates still claim successfully after the divorce.
        vm.prank(soulmate1);
        airdropContract.claim();
        assertTrue(loveToken.balanceOf(soulmate1) == 200 ether);

        vm.prank(soulmate2);
        airdropContract.claim();
        assertTrue(loveToken.balanceOf(soulmate2) == 200 ether);
    }
Tools Used
- Foundry
Recommendations
It is recommended to change the `isDivorced()` function, or to create a new function, so that the divorce status of an input address can be checked instead of that of `msg.sender`.
function isDivorced() public view returns (bool) {
return divorced[msg.sender];
}
+ function isDivorcedCheck(address checkDivorced) public view returns (bool) {
+ return divorced[checkDivorced];
+ }
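Review bot: isDivorcedCheck(address) reads the same divorced mapping as isDivorced() but through a second, undocumented code path. Have isDivorced() return isDivorcedCheck(msg.sender) so there is a single lookup, and add a NatSpec comment on the new function stating that it takes the address to check and is the variant other contracts should call.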
function claim() public {
// No LoveToken for people who don't love their soulmates anymore.
- if (soulmateContract.isDivorced()) revert Airdrop__CoupleIsDivorced();
++ if (soulmateContract.isDivorcedCheck(msg.sender)) revert Airdrop__CoupleIsDivorced();
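Review bot: the changed check in claim() comes with no regression test. The test_ClaimWhenDivorced proof of concept on this page asserts that both post-divorce claims succeed, so it should be inverted to expect a revert with Airdrop__CoupleIsDivorced on each claim() made after _divorceSoulmates(). The added line is also prefixed with ++ where the other additions use +, which would leave a stray + in the inserted source line.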