Severity: high
Valid

`RamNFT::mintRamNFT` lacks access control: anyone can mint an NFT without paying fees (a.k.a. free-for-all)

Description:

The `RamNFT::mintRamNFT` function is declared with public visibility and has no caller check, so anyone (external users or contracts) can call it. As per the specs, only the Dussehra contract should be allowed to mint Ram NFTs through `RamNFT::mintRamNFT`.

Impact:

An outside user or another contract can call `RamNFT::mintRamNFT` directly, without paying the fee the protocol intended to collect (by minting the NFT through `Dussehra::enterPeopleWhoLikeRam`). Users who enter the protocol via this function can be picked as Ram and participate fully in the events, including winning and collecting the reward, without paying anything, which fundamentally breaks the purpose of the protocol.

Proof of Concept:

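Paste the following code into `Dussehra.t.sol`:

```solidity
function test_mintNFTDirectlyFromRamNFT() public {
    // player1 calls RamNFT directly, bypassing Dussehra::enterPeopleWhoLikeRam and its fee
    vm.startPrank(player1);
    ramNFT.mintRamNFT(player1);

    // The mint succeeds: player1 owns token 0 and is recorded as its ram
    assertEq(ramNFT.ownerOf(0), player1);
    assertEq(ramNFT.getCharacteristics(0).ram, player1);
    assertEq(ramNFT.getNextTokenId(), 1);
}
```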

Recommended Mitigation:

  • Add an access control mechanism so that RamNFT::mintRamNFT can be called only by the Dussehra contract.

    or

  • Change the visibility of the function and make Dussehra inherit from the RamNFT contract. This requires rewriting certain parts of the Dussehra contract.
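A sketch of the first option, added here as an illustration and not taken from the audited code base. The contract name `GatedRamNFT`, the `deployer` role, `setDussehra`, `tokenCounter` and the custom errors are assumptions, and the ERC-721 bookkeeping is reduced to an owner mapping so the file compiles without dependencies:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited RamNFT source. All names except
// mintRamNFT are hypothetical.
contract GatedRamNFT {
    error NotDeployer();
    error NotDussehra();
    error DussehraAlreadySet();
    error ZeroAddress();

    address public immutable deployer; // hypothetical admin that wires the contracts
    address public dussehra;           // the only address allowed to mint
    uint256 public tokenCounter;
    mapping(uint256 => address) public ownerOf;

    constructor() {
        deployer = msg.sender;
    }

    // Until setDussehra is called, dussehra is address(0) and no caller can
    // match it, so minting is closed by default rather than open by default.
    modifier onlyDussehra() {
        if (msg.sender != dussehra) revert NotDussehra();
        _;
    }

    // One-shot wiring: the minter cannot be replaced after it has been set,
    // so a compromised deployer key cannot later point minting elsewhere.
    function setDussehra(address dussehra_) external {
        if (msg.sender != deployer) revert NotDeployer();
        if (dussehra != address(0)) revert DussehraAlreadySet();
        if (dussehra_ == address(0)) revert ZeroAddress();
        dussehra = dussehra_;
    }

    // Same signature as the finding's function, now gated on the caller.
    function mintRamNFT(address to) external onlyDussehra {
        if (to == address(0)) revert ZeroAddress();
        ownerOf[tokenCounter] = to;
        tokenCounter++;
    }
}
```

Against a contract gated this way, the direct call in the proof of concept reverts with `NotDussehra`, so the test above doubles as a regression check once its assertions are replaced by an expected revert.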

Tools Used:

Manual review, Foundry

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

mintRamNFT is public
