First Flight #17: Dussehra
First Flight #17
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

`ChoosingRam::increaseValuesOfParticipants` check for `tokenIdOfChallenger` allows the user to enter not existing tokenId.

kostov

Summary

ChoosingRam::increaseValuesOfParticipants check for tokenIdOfChallenger allows the user to enter not existing tokenId.

Vulnerability Details

Let's say, there are only 2 NFTs created for now. After each NFT creation, the tokeCounter increases its value by 1, therefore, after that the tokenCounter will equal 2.

The first NFT created will be with tokenId equal to 0
The second NFT created will be with tokenId equal to 1

So if a user decides to call ChoosingRam::increaseValuesOfParticipants with 2 as an argument for tokenIdOfChallenger, the check below will pass, although, such a NFT token does not exist.

if (tokenIdOfChallenger > ramNFT.tokenCounter()) {
revert ChoosingRam__InvalidTokenIdOfChallenger();
}

Impact

The first check of the function can be bypassed.

Tools Used

Manual review

Recommendations

+ if (tokenIdOfChallenger >= ramNFT.tokenCounter()) {
revert ChoosingRam__InvalidTokenIdOfChallenger();
}
Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

The token counter check is incorrect

kostov Submitter
over 1 year ago
bube Lead Judge
about 1 year ago
bube Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.