First Flight #17: Dussehra

First Flight #17

Beginner FriendlyFoundryNFT

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

Anyone can mint a RamNFT to anyone

mattjenkins

Summary

There is a missing check on the mintRamNFT function in the RamNFT contract. This allows anyone to mint a RamNFT to anyone, which is not the functionality needed for the protocol. Users can simply mint as many NFTs as they want without going through the registration and entry fee process.

Vulnerability Details

The open minting can be shown with the test below. Players should not be able to mint NFTs directly, it should only be possible via the Dussehra contract. A restriction to just the Dussehra contract is required. The mint function is lacking this protection.

function test_mintNFT() public {

vm.startPrank(player1);

vm.expectRevert();

ramNFT.mintRamNFT(player1);

vm.expectRevert();

ramNFT.mintRamNFT(player2);

vm.stopPrank();

vm.startPrank(address(dussehra));

ramNFT.mintRamNFT(player1);

ramNFT.mintRamNFT(player2);

vm.stopPrank();

assertEq(ramNFT.ownerOf(0), player1);

assertEq(ramNFT.ownerOf(1), player2);

}

Impact

This open minting has large consequences to the protocol. An malicious user can simply mint many NFTs and increase their chances of winning dramatically as the winner is selected from the NFT collection. This bypasses the entry fee requirement and allows a user to enter the competition without paying anything other than minting gas costs.

Tools Used

foundry and manual review

Recommendations

Change the RamNFT contract's minting function to include a modifier to protect the minting of NFTs and ensure only the ChoosingRam contract can mint.

+ error RamNFT__NotDussehraContract();

+ address public dussehraContract;

+ function setDussehraContract(address _dussehraContract) public onlyOrganiser {

+ dussehraContract = _dussehraContract;

+ }

+ modifier onlyDussehraContract() {

+ if (msg.sender != dussehraContract) {

+ revert RamNFT__NotDussehraContract();

+ }

+ _;

+ }

+ function mintRamNFT(address to) public onlyDussehraContract {

- function mintRamNFT(address to) public {

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

mintRamNFT is public

Rewards breakdown

nSLOC

218

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.