First Flight #12: Kitty Connect
First Flight #12: Kitty Connect
Beginner FriendlyFoundryNFTGameFi
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

addShop() function does not check whether the parameter shopAddress has already been added to valid shops.

0xeLSeR17

Summary

Same shop address can be added multiple times by calling addShop().

Vulnerability Details

The addShop() function does not check if the shopAddress to be added to valid shops is already a valid shop. This allows to add the same shop unlimited times, with no warnings that make the connectOwner aware of this.

Impact

Adding several times the same shop will have two consequences:

  • On the one hand, the s_kittyShops[] array will become larger without having any new information, as several slots will contain the same shop address. More gas will be spent both when adding a new shop to the array as well as when reading the shops in the array with the getAllKittyShops() function.

  • On the other hand, the ShopPartnerAdded event will be emitted that many times, which provides no new or useful information for the same reason, the shop address was already valid.

Tools Used

Manual review

Recommendations

Including a check in the addShop() function that prevents the same address from being added more than once:

function addShop(address shopAddress) external onlyKittyConnectOwner {
+ require(!s_isKittyShop[shopAddress], "This shop has already been added");
s_isKittyShop[shopAddress] = true;
s_kittyShops.push(shopAddress);
emit ShopPartnerAdded(shopAddress);
}
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.