`RamNFT::mintRamNFT` can mint multiple NFT's to a single address
Description: The RamNFT::mintRamNFT function takes address to paramter and does not have any limit to mint a certain amount of NFT's to a single contract
As it is a public function, anyone can call it and can mint multiple NFT's. This will further cause problems in the ChoosingRam.sol::increaseValuesOfParticipants
function as an owner of multiple NFT's can increase the value of his NFT's as he would be the both challanger and participant of this function
and the
Impact: This will cause problems in the ChoosingRam.sol::increaseValuesOfParticipants function as an owner of multiple NFT's can increase the value of his NFT's
as he would be the both challanger and participant of this function. An owner of multiple NFT's can also influence the ChooseRam::selectRamIfNotSelected function.
As this function chooses selectedRam randomly, an owner of multiple NFT's will have a better chance of being chosen and getting all the money by killing Ravana.
Proof of Concept:
User calls
RamNFT::mintRamNFTmultiple times and mints multiple NFT'sBy having multiple NFT's user has the privilege to call
ChoosingRam.sol::increaseValuesOfParticipantsmultiple times only with the token Id of his ownBy minting multiple NFT's user has better chance of being the
selectedRam, killing Ravana and getting the withdraw money for himself.
Proof of Code:
Code
Run this code snipped on Dussehra.t.sol using forge test --mt test_mintMultiple -vvvv to see the different nfts minted to Player1 .
Mitigation: There are many ways to avoid this issue. Once of them would be to create a mapping with the tokenId and contract address and check if the caller already holds and NFT everytime before minting an NFT to that address.
Tools used: manual review
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.