First Flight #12: Kitty Connect

Submission Details
Severity: low
Valid

"mintCatToNewOwner()" with "dob" parameter, might lead to overflow/underflow

Summary

The "dob" parameter of "mintCatToNewOwner()" might lead to overflow/underflow.

Vulnerability Details

The "dob" parameter of "mintCatToNewOwner()" might lead to overflow/underflow inside getCatAge(), since that function contains this piece of code:

block.timestamp - s_catInfo[tokenId].dob;

This results in a revert inside getCatAge(), depending on what was initially passed to "mintCatToNewOwner()".

Impact

Medium, nobody will be able to fetch the given cat age.

Tools Used

Manual review.

Recommendations

Do not pass "dob" as a parameter to mintCatToNewOwner(); instead, keep it internal. The date of birth can be the time when mintCatToNewOwner() is called, so "dob: block.timestamp" inside the "CatInfo" struct will do the job.
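The following contract is an added illustration, not part of the submission and not the KittyConnect source: it puts the reported pattern next to the recommended fix. The contract name, the three mint function names, the s_nextId counter and the DobInFuture error are hypothetical; the validated variant is an assumption that goes beyond the recommendation above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the KittyConnect source: a stripped-down registry
// that keeps only the dob handling discussed in this finding.
contract CatAgeDemo {
    struct CatInfo {
        uint256 dob; // date of birth as a Unix timestamp
    }

    error DobInFuture(uint256 dob, uint256 nowTs); // hypothetical error

    mapping(uint256 => CatInfo) private s_catInfo;
    uint256 private s_nextId; // hypothetical token counter

    // Reported pattern: dob is caller-supplied and stored unchecked.
    function mintWithCallerDob(uint256 dob) external returns (uint256 tokenId) {
        tokenId = s_nextId++;
        s_catInfo[tokenId] = CatInfo({dob: dob});
    }

    // Recommendation from the finding: take dob from the block at mint time.
    function mintWithBlockDob() external returns (uint256 tokenId) {
        tokenId = s_nextId++;
        s_catInfo[tokenId] = CatInfo({dob: block.timestamp});
    }

    // Alternative (assumption, not in the finding): keep the parameter,
    // but reject timestamps later than the current block.
    function mintWithValidatedDob(uint256 dob) external returns (uint256 tokenId) {
        if (dob > block.timestamp) revert DobInFuture(dob, block.timestamp);
        tokenId = s_nextId++;
        s_catInfo[tokenId] = CatInfo({dob: dob});
    }

    // Solidity >=0.8 checks this subtraction: if dob > block.timestamp the
    // call reverts with Panic(0x11) instead of wrapping around.
    function getCatAge(uint256 tokenId) external view returns (uint256) {
        return block.timestamp - s_catInfo[tokenId].dob;
    }
}
```

With the caller-supplied variant, getCatAge() reverts for that token until block.timestamp reaches the stored dob.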

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Inputed cat dob can be in the future, making a function revert due to underflow.
