First Flight #12: Kitty Connect

Beginner FriendlyFoundryNFTGameFi

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

Date of birth of a cat should be equal to block.timestamp

0xeLSeR17

Summary

CatInfo.dob should not be an arbitrary parameter.

Vulnerability Details

KittyConnect::CatInfo struct has a uint256 dob variable which represents the date of birth of the cat. This variable can have the value desired by the shop partner minting the cat, which is a clear mistake, it should be as follows: dob = block.timestamp;. As we do not have a list of existing cats with their data, it is required to suppose that a new minted cat is born at the moment of minting.

It is even possible to set the date of birth at a time that has not come yet (e.g. year 2100).

Impact

Cats' date of birth is not a reliable variable, calling function KittyConnect::getCatAge() will probably return an incorrect date of birth of the cat. If the set dob is higher than the current time, the function will revert.

Tools Used

Manual review

Recommendations

When minting a new cat, dob should be equal to the current time, not a parameter chosen by the shop partner.

-function mintCatToNewOwner(address catOwner, string memory catIpfsHash, string memory catName, string memory breed, uint256 dob) external

-onlyShopPartner {

+function mintCatToNewOwner(address catOwner, string memory catIpfsHash, string memory catName, string memory breed) external onlyShopPartner {

require(!s_isKittyShop[catOwner], "KittyConnect__CatOwnerCantBeShopPartner");

uint256 tokenId = kittyTokenCounter;

kittyTokenCounter++;

s_catInfo[tokenId] = CatInfo({

catName: catName,

breed: breed,

image: catIpfsHash,

- dob: dob,

+ dob: block.timestamp,

prevOwner: new address[](0),

shopPartner: msg.sender,

idx: s_ownerToCatsTokenId[catOwner].length

});

s_ownerToCatsTokenId[catOwner].push(tokenId);

_safeMint(catOwner, tokenId);

emit CatMinted(tokenId, catIpfsHash);

}

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

Inputed cat dob can be in the future, making a function revert due to underflow.

Rewards breakdown

nSLOC

235

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.