First Flight #12: Kitty Connect

Submission Details
Severity: low
Invalid

`getCatAge` function in `kittyConnect` contract returns `block.timestamp` as the age of the cat if the token is not a valid token

Summary

  • The getCatAge function in the kittyConnect contract returns block.timestamp as the age of the cat if the token is not a valid token.

Vulnerability Details

  • The getCatAge function does not check that tokenId refers to a valid token. For an invalid token, s_catInfo[tokenId] is an unset storage entry, so dob reads as the default value 0 and the subtraction returns block.timestamp.

  • If tokenId is valid, the function works as expected and returns the age of the cat.

function getCatAge(uint256 tokenId) external view returns (uint256) {
@>  return block.timestamp - s_catInfo[tokenId].dob;
}

POC

  • Paste this code into kittyTest.t.sol.

function test_getCatAge() public {
    // Token 100 is not a valid token in the test setup
    uint256 catAge = kittyConnect.getCatAge(100);
    console.log(catAge);
    assertEq(catAge, block.timestamp);
}

  • Run this test using this command.

forge test --mt test_getCatAge -vvvv

Impact

  • If tokenId is not a valid token, the function returns block.timestamp as the age of the cat, which can create confusion.
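
The behaviour described above, reproduced in a self-contained Foundry test. This is an added example, not code from the Kitty Connect repository: CatAgeModel, its minted flag, its custom error and the constructed timestamp are assumptions made so the file compiles on its own with forge-std.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for the contract under review; only the parts needed here.
contract CatAgeModel {
    struct CatInfo { uint256 dob; bool minted; }
    error CatAgeModel__InvalidTokenId(uint256 tokenId);

    mapping(uint256 => CatInfo) private s_catInfo;

    function mint(uint256 tokenId, uint256 dob) external {
        s_catInfo[tokenId] = CatInfo({dob: dob, minted: true});
    }

    // Same arithmetic as the reported function: an unset entry has dob == 0.
    function getCatAgeUnchecked(uint256 tokenId) external view returns (uint256) {
        return block.timestamp - s_catInfo[tokenId].dob;
    }

    // Guarded variant: reject ids that were never minted.
    function getCatAge(uint256 tokenId) external view returns (uint256) {
        CatInfo storage cat = s_catInfo[tokenId];
        if (!cat.minted) revert CatAgeModel__InvalidTokenId(tokenId);
        return block.timestamp - cat.dob;
    }
}

contract CatAgeModelTest is Test {
    CatAgeModel model;

    function setUp() public {
        model = new CatAgeModel();
        vm.warp(1_700_000_000); // constructed timestamp
        model.mint(1, block.timestamp - 30 days);
    }

    function test_unmintedIdReturnsTimestamp() public {
        assertEq(model.getCatAgeUnchecked(100), block.timestamp);
        assertEq(model.getCatAgeUnchecked(1), 30 days);
    }

    function test_guardRevertsForUnmintedId() public {
        vm.expectRevert(abi.encodeWithSelector(CatAgeModel.CatAgeModel__InvalidTokenId.selector, 100));
        model.getCatAge(100);
        assertEq(model.getCatAge(1), 30 days);
    }
}
```

An off-chain caller of the unchecked getter cannot tell an unminted id from a cat whose dob is 0; the guarded getter makes that case an explicit revert.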

Tools Used

  • Manual review

Recommendations

  • Here, we can add a require statement to check if the token exists or not before returning the age of the cat.

function getCatAge(uint256 tokenId) external view returns (uint256) {
+ require(_exists(tokenId), "kittyConnect__InvalidTokenId");
return block.timestamp - s_catInfo[tokenId].dob;
}
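
Review bot: on the added require line, the revert reason "kittyConnect__InvalidTokenId" is a string written in the style of a custom error name; if the contract declares its errors in that style, declare kittyConnect__InvalidTokenId as an error and revert with it instead of passing a string. The line also depends on _exists being available from the inherited token base, which the lines shown do not establish, so confirm that or check the stored cat record directly. The PoC assertion assertEq(catAge, block.timestamp) should then be replaced by an expected revert for an invalid tokenId.
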
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
