Potential for Duplicate Fertilizer IDs in LibFertilizer Contract
The Issue:
id = s.bpf.add(bpf);
The ID for a new fertilizer is calculated as id = s.bpf.add(bpf), where bpf is the Beans Per Fertilizer for the given season. If the same bpf value is used in multiple seasons, it could result in the same ID being generated for different fertilizers. This creates problems because:
The s.fertilizer mapping relies on the ID to track the amount of each fertilizer. Duplicate IDs could lead to incorrect updates, potentially inflating or underestimating the total supply.
The queue manipulation logic might treat fertilizers with the same ID as the same entity, disrupting the intended order and potentially allowing manipulation.
Impact of Duplicate IDs:
Incorrect Data: The s.fertilizer mapping relies on unique IDs to track the amount of each fertilizer. Duplicate IDs could lead to incorrect data being stored. For example:
If adding a new fertilizer with a duplicate ID, the total amount for that ID might be inflated, misrepresenting the actual supply.
If removing a fertilizer with a duplicate ID (assuming such functionality exists), it might remove the wrong entry or have unintended consequences.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.