Beginner Friendly - FoundryNFT
Submission Details
Severity: high
Valid

Possible multiplication with 0 in 'Dussehra__killRavana()'

Summary

In the function `killRavana` of the `Dussehra` contract, if nobody has called `enterPeopleWhoLikeRam` (which is possible because users can mint free NFTs directly, a separate vulnerability), the value of `WantToBeLikeRam.length` is 0.

PoC

```solidity
function test_killRavana_ArrayLengthIsZero() public {
    // NFTs are minted directly through the public mintRamNFT (the test contract
    // is the caller), so nobody is ever pushed to WantToBeLikeRam.
    address user1 = address(123);
    ramNft.mintRamNFT(user1);
    address user2 = address(124);
    ramNft.mintRamNFT(user2);
    address user3 = address(125);
    ramNft.mintRamNFT(user3);

    // Move past the selection deadline and let the organiser pick Ram.
    vm.warp(1728691200);
    vm.startPrank(address(this));
    choosingRam.selectRamIfNotSelected();
    vm.stopPrank();
    assertNotEq(choosingRam.selectedRam(), address(0));

    // An NFT holder kills Ravana, but the payout is computed from an empty array.
    vm.startPrank(user1);
    dussehra.killRavana();
    vm.stopPrank();
    assertEq(dussehra.IsRavanKilled(), true);
    assertEq(dussehra.totalAmountGivenToRam(), 0);
}
```

Vulnerability Details

If `WantToBeLikeRam.length` is 0, `totalAmountGivenToRam` is also 0, so there is no reward for the users who killed Ravana.

Impact

If the users who hold the NFTs kill Ravana, they receive no reward (and neither does the organiser).

Tools Used

Manual Review

Recommendations

Make sure users can obtain NFTs only by calling `enterPeopleWhoLikeRam`, and do not allow them to mint free NFTs directly.
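As an added illustration (not the contest's RamNFT or Dussehra code), a stripped-down mirror of the pattern: minting is restricted to the Dussehra contract so every holder is recorded in `WantToBeLikeRam`, and `killRavana` rejects an empty array instead of silently multiplying by zero. The `onlyDussehra`-style check, the `NoEntrants` error and the half-of-fees payout rule are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

contract RamNFTExample {
    address public immutable dussehra;
    uint256 public nextTokenId;
    mapping(uint256 => address) public ownerOf;
    error OnlyDussehra();

    constructor(address _dussehra) {
        dussehra = _dussehra;
    }

    // Vulnerable shape (finding tag "mintRamNFT is public"): a public mint lets anyone
    // hold an NFT without being pushed to WantToBeLikeRam. Hardened: only Dussehra mints.
    function mintRamNFT(address to) external {
        if (msg.sender != dussehra) revert OnlyDussehra();
        ownerOf[nextTokenId++] = to;
    }
}

contract DussehraExample {
    uint256 public immutable entranceFee;
    address[] public WantToBeLikeRam;
    uint256 public totalAmountGivenToRam;
    bool public IsRavanKilled;
    RamNFTExample public immutable ramNft;
    error NoEntrants();

    constructor(uint256 _entranceFee) {
        entranceFee = _entranceFee;
        ramNft = new RamNFTExample(address(this));
    }

    // The only path to an NFT: pay the fee and get recorded in WantToBeLikeRam.
    function enterPeopleWhoLikeRam() external payable {
        require(msg.value == entranceFee, "wrong fee");
        WantToBeLikeRam.push(msg.sender);
        ramNft.mintRamNFT(msg.sender);
    }

    function killRavana() external {
        // Fail loudly instead of multiplying by a zero length and paying out nothing.
        if (WantToBeLikeRam.length == 0) revert NoEntrants();
        IsRavanKilled = true;
        // Assumed payout rule for the example: half of the collected fees go to Ram.
        totalAmountGivenToRam = (WantToBeLikeRam.length * entranceFee) / 2;
    }
}
```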

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

mintRamNFT is public
