Tags: Beginner Friendly, Foundry, NFT
100 EXP
Submission Details
Severity: low
Invalid

The function RamNFT.getCharacteristics(uint256 tokenId) returns data for token IDs that have never been minted.

Summary

The function RamNFT.getCharacteristics(uint256 tokenId) does not check if the tokenId exists.

Vulnerability Details

When RamNFT.getCharacteristics(uint256 tokenId) is called with a tokenId, it does not verify that the token has been minted. Because a Solidity mapping returns a zero-initialised value for any unused key, a call with a non-existent tokenId does not revert; it silently returns a default struct (ram == address(0) and every characteristic flag false) as if the token were real.

Impact

A call with a tokenId that does not exist returns a default struct instead of reverting, so callers receive incorrect information.

A user can pass such an ID to increaseValuesOfParticipants(uint256 tokenIdOfChallenger, uint256 tokenIdOfAnyParticipant), with tokenIdOfChallenger set to their own NFT ID and tokenIdOfAnyParticipant set to the next, not yet minted, token ID. This ensures that if they don't win, nobody will win.

Code Example

This test is to be added to the CounterTest contract in test/Dussehra.t.sol:

// This test should revert because the NFT doesn't exist.
// `participants` is the suite's existing modifier that mints the participant NFTs (IDs 0..2),
// so tokenId 3 has never been minted. vm.expectRevert applies to the first getCharacteristics call.
function test_getCharacteristiquesInvalidNFT() public participants {
    vm.expectRevert();
    assertEq(ramNFT.getCharacteristics(3).ram, address(0));
    assertEq(ramNFT.getCharacteristics(3).isJitaKrodhah, false);
    assertEq(ramNFT.getCharacteristics(3).isDhyutimaan, false);
    assertEq(ramNFT.getCharacteristics(3).isVidvaan, false);
    assertEq(ramNFT.getCharacteristics(3).isAatmavan, false);
    assertEq(ramNFT.getCharacteristics(3).isSatyavaakyah, false);
}

Result

Ran 1 test for test/Dussehra.t.sol:CounterTest
[FAIL. Reason: call did not revert as expected] test_getCharacteristiquesInvalidNFT() (gas: 318942)
Suite result: FAILED. 0 passed; 1 failed; 0 skipped; finished in 9.81ms (959.38µs CPU time)
Ran 1 test suite in 171.02ms (9.81ms CPU time): 0 tests passed, 1 failed, 0 skipped (1 total tests)
Failing tests:
Encountered 1 failing test in test/Dussehra.t.sol:CounterTest
[FAIL. Reason: call did not revert as expected] test_getCharacteristiquesInvalidNFT() (gas: 318942)

Tools Used
Manual review.

Recommendations
Check that the token exists before returning its characteristics:

function getCharacteristics(uint256 tokenId) public view returns (CharacteristicsOfRam memory) {
+   require(_ownerOf(tokenId) != address(0), "Token does not exist."); // Ensure the token exists
    return Characteristics[tokenId];
}
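The following Foundry test file is an added, self-contained illustration of both the behaviour described under Vulnerability Details and the recommended fix; it is not code from the Dussehra project. ExampleRamNFT is a hypothetical stand-in for RamNFT that keeps the same struct fields and mapping name, assumes OpenZeppelin's ERC721 (which provides the internal `_ownerOf`) and forge-std, and exposes both the unchecked getter and the hardened one side by side so the difference can be asserted directly.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed dependencies: OpenZeppelin Contracts (ERC721) and forge-std (Test).
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for RamNFT (illustration only, not the contest contract).
contract ExampleRamNFT is ERC721 {
    struct CharacteristicsOfRam {
        address ram;
        bool isJitaKrodhah;
        bool isDhyutimaan;
        bool isVidvaan;
        bool isAatmavan;
        bool isSatyavaakyah;
    }

    uint256 public tokenCounter; // next token ID to be minted
    mapping(uint256 => CharacteristicsOfRam) public Characteristics;

    constructor() ERC721("ExampleRam", "RAM") {}

    function mintRamNFT(address to) external {
        uint256 tokenId = tokenCounter++;
        _safeMint(to, tokenId);
        Characteristics[tokenId] = CharacteristicsOfRam(to, false, false, false, false, false);
    }

    // Unchecked lookup: the behaviour reported in the finding. Any key, minted or not,
    // returns whatever the mapping holds, which for an unused key is the zero struct.
    function getCharacteristicsUnchecked(uint256 tokenId) public view returns (CharacteristicsOfRam memory) {
        return Characteristics[tokenId];
    }

    // Hardened lookup: the recommended fix. _ownerOf is address(0) for unminted tokens.
    function getCharacteristics(uint256 tokenId) public view returns (CharacteristicsOfRam memory) {
        require(_ownerOf(tokenId) != address(0), "Token does not exist.");
        return Characteristics[tokenId];
    }
}

contract ExampleRamNFTTest is Test {
    ExampleRamNFT internal nft;
    address internal alice = makeAddr("alice");

    function setUp() public {
        nft = new ExampleRamNFT();
        nft.mintRamNFT(alice); // tokenId 0 is the only minted token
    }

    // The unchecked getter does not revert for the next (unminted) ID; it returns a zeroed struct.
    function test_uncheckedGetterReturnsZeroStructForUnmintedId() public view {
        uint256 unminted = nft.tokenCounter();
        ExampleRamNFT.CharacteristicsOfRam memory c = nft.getCharacteristicsUnchecked(unminted);
        assertEq(c.ram, address(0));
        assertFalse(c.isJitaKrodhah);
        assertFalse(c.isSatyavaakyah);
    }

    // The hardened getter rejects the same ID with the expected reason string.
    function test_checkedGetterRevertsForUnmintedId() public {
        uint256 unminted = nft.tokenCounter();
        vm.expectRevert(bytes("Token does not exist."));
        nft.getCharacteristics(unminted);
    }

    // The hardened getter still serves minted tokens normally.
    function test_checkedGetterReturnsDataForMintedId() public view {
        ExampleRamNFT.CharacteristicsOfRam memory c = nft.getCharacteristics(0);
        assertEq(c.ram, alice);
    }
}
```

Run it with `forge test --match-contract ExampleRamNFTTest -vv`. The first test is the observation from this submission restated as a passing assertion (the zero struct comes back, no revert), the second shows the `_ownerOf` guard turning that into a revert, and the third guards against the fix breaking the happy path.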
Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Info/Gas/Invalid according to docs
