First Flight #12: Kitty Connect
First Flight #12: Kitty Connect
Beginner FriendlyFoundryNFTGameFi
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

`KittyConnect::addShop` Allows Duplicate Shop Partners

yaioxy

Summary

The KittyConnect::addShop function does not check if the shop address being added already exists as a partner. This could allow duplicate shop partners to be added.

Vulnerability Details

When adding a new shop partner, KittyConnect::addShop only checks that msg.sender is the contract owner. It does not check if the shop address passed in already exists in the s_kittyShops array. This could allow an existing shop to be added again as a duplicate partner.

Impact

Allowing duplicate shop partners could clutter the storage of the contract and cost more gas for functions that loop through the shops. It also distorts the data by showing duplicate entries.

Tools Used

Manual Review

Recommendations

Before adding a new shop partner, check that it does not already exist:

function addShop(address shopAddress) external onlyKittyConnectOwner {
+ require(!s_isKittyShop[shopAddress], "Shop already partnered");
s_isKittyShop[shopAddress] = true;
s_kittyShops.push(shopAddress);
emit ShopPartnerAdded(shopAddress);
}

This will prevent duplicate shops being added and keep the data clean.

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.