Beginner FriendlyFoundryNFT
Submission Details
Severity: high
Valid

Access Control missing in mintRamNFT function.

Summary

The documentation states: “Allows the Dussehra contract to mint Ram NFTs.”
However, any user can call mintRamNFT directly, without going through the Dussehra contract at all.

Vulnerability Details

There is no guard that checks whether msg.sender is the Dussehra contract:

function mintRamNFT(address to) public {   // no caller check: any address can call this
    uint256 newTokenId = tokenCounter++;
    _safeMint(to, newTokenId);
    Characteristics[newTokenId] = CharacteristicsOfRam({
        ram: to,
        isJitaKrodhah: false,
        isDhyutimaan: false,
        isVidvaan: false,
        isAatmavan: false,
        isSatyavaakyah: false
    });
}

This means any user can call this function.

Impact

Any user can mint a RamNFT without paying the entry fee, bypassing the Dussehra contract entirely.
It also lets a single user mint as many RamNFTs as they like.

Tools Used

Manual review

Recommendations

Add access control so that mintRamNFT can only be called by the Dussehra contract.

++ address public dussehraContract;
++ function setDussehraContract(address _dussehraContract) public onlyOrganiser {
++ dussehraContract = _dussehraContract;
++ }
++ modifier onlyDussehraContract() {
++ if (msg.sender != dussehraContract) {
++ revert RamNFT__NotChoosingRamContract();
++ }
++ _;
++ }
-- function mintRamNFT(address to) public {
++ function mintRamNFT(address to) public onlyDussehraContract {
uint256 newTokenId = tokenCounter++;
_safeMint(to, newTokenId);
Characteristics[newTokenId] = CharacteristicsOfRam({
ram: to,
isJitaKrodhah: false,
isDhyutimaan: false,
isVidvaan: false,
isAatmavan: false,
isSatyavaakyah: false
});
}
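Review bot: setDussehraContract accepts any address, including address(0), and can be called again at any time, so the organiser can repoint minting authority after the event has started; consider rejecting the zero address and making the setter one-shot (revert if dussehraContract is already non-zero). Also, onlyDussehraContract reverts with RamNFT__NotChoosingRamContract(), whose name refers to a different check; a dedicated error such as RamNFT__NotDussehraContract() (name is a suggestion) would keep revert reasons unambiguous.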
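As an added Foundry regression test (not part of this submission or the Dussehra codebase), the following checks the recommended restriction: a direct call to mintRamNFT from an arbitrary account reverts, a call from the configured Dussehra address succeeds, and a freshly deployed RamNFT cannot mint until the setter has been called. It assumes the patched contract lives at src/RamNFT.sol, has a no-argument constructor that makes the deployer the organiser, declares RamNFT__NotChoosingRamContract at contract level, and starts tokenCounter at 0.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {RamNFT} from "../src/RamNFT.sol"; // assumed path to the patched contract

// Assumptions (not taken from the project): no-arg constructor sets organiser = msg.sender,
// setDussehraContract is onlyOrganiser, mintRamNFT is onlyDussehraContract, tokenCounter starts at 0.
contract RamNFTAccessControlTest is Test {
    RamNFT internal ramNFT;
    address internal organiser = makeAddr("organiser");
    address internal dussehra = makeAddr("dussehra");   // stands in for the Dussehra contract
    address internal randomUser = makeAddr("randomUser");

    function setUp() public {
        vm.prank(organiser);
        ramNFT = new RamNFT();
        vm.prank(organiser);
        ramNFT.setDussehraContract(dussehra);
    }

    // A direct call from an unrelated account must revert once the modifier is in place.
    function test_DirectMintReverts() public {
        vm.prank(randomUser);
        vm.expectRevert(RamNFT.RamNFT__NotChoosingRamContract.selector);
        ramNFT.mintRamNFT(randomUser);
    }

    // The configured Dussehra address is still able to mint on a participant's behalf.
    function test_DussehraCanMint() public {
        vm.prank(dussehra);
        ramNFT.mintRamNFT(randomUser);
        assertEq(ramNFT.ownerOf(0), randomUser);
    }

    // Edge case: before setDussehraContract is called, dussehraContract is address(0),
    // so nobody (not even the organiser) can mint. Deployment scripts must call the setter.
    function test_MintRevertsBeforeSetterIsCalled() public {
        vm.prank(organiser);
        RamNFT fresh = new RamNFT();
        vm.prank(organiser);
        vm.expectRevert(RamNFT.RamNFT__NotChoosingRamContract.selector);
        fresh.mintRamNFT(randomUser);
    }
}
```

Run with forge test --match-contract RamNFTAccessControlTest; the third test documents the deployment ordering requirement the setter introduces.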
Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

mintRamNFT is public
