Submission Details
Severity:
`RamNFT.sol::mintRamNFT` Can be called by anyone and not just the `Dussehra.sol` contract
Summary
The RamNFT.sol::mintRamNFT function can be called by anyone and not just the Dussehra.sol contract.
Vulnerability Details
As per the documentation, the RamNFT.sol::mintRamNFT function should only be callable by the Dussehra.sol contract. Currently anyone can call the function and mint unlimited RamNFT's
@> function mintRamNFT(address to) public {
uint256 newTokenId = tokenCounter++;
_safeMint(to, newTokenId);
Impact
The test below passes showing that anyone can call the mintRamNFT function.
function test_anyoneCanCallTheMintNFTFunction() public {
vm.startPrank(player2);
ramNFT.mintRamNFT(player2);
assertEq(ramNFT.tokenCounter(), 1);
}
Tools Used
--Foundry
Recommendations
It is recommended to add protections to the mintRamNFT function so that only the Dussehra.sol contract can call it.
+ address public dussehraContract;
+ modifier onlyDussehraContract() {
+ if (msg.sender != dussehraContract) {
+ revert RamNFT__NotDussehraContract();
+ }
+ _;
+ }
+ function setDussehraContract(address _dussehraContract) public onlyOrganiser {
+ dussehraContract = _dussehraContract;
+ }
- function mintRamNFT(address to) public {
+ function mintRamNFT(address to) public onlyDussehraContract {
uint256 newTokenId = tokenCounter++;
_safeMint(to, newTokenId);
Characteristics[newTokenId] = CharacteristicsOfRam({
ram: to,
isJitaKrodhah: false,
isDhyutimaan: false,
isVidvaan: false,
isAatmavan: false,
isSatyavaakyah: false
});
}
Rewards breakdown
nSLOC
218This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.