Submission Details
Severity:
Anyone can Mint ram NFT
Summary
In DOCS is stated that mintRamNFT - Allows the Dussehra contract to mint Ram NFTs. However, that is not true, because there is not modifier.
Vulnerability Details
If we take a look at mintRamNFT function:
function mintRamNFT(address to) public {
uint256 newTokenId = tokenCounter++;
_safeMint(to, newTokenId);
Characteristics[newTokenId] = CharacteristicsOfRam({
ram: to,
isJitaKrodhah: false,
isDhyutimaan: false,
isVidvaan: false,
isAatmavan: false,
isSatyavaakyah: false
});
}
We can see that there is not modifier and anyone can call that function. This means that users can bypass paying entrance fee.
Impact
Users minting RamNfts without paying fee.
Proof of Concept
Create the following test case:
function test_anyoneCanMintNft() public {
vm.startPrank(player1);
ramNFT.mintRamNFT(player1);
vm.stopPrank();
assertEq(ramNFT.balanceOf(player1), 1);
}
Run forge test --match-test test_anyoneCanMintNft
The results are the following:
Ran 1 test for test/Dussehra.t.sol:CounterTest
[PASS] test_anyoneCanMintNft() (gas: 107267)
Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 7.46ms (307.96µs CPU time)
Tools Used
Manual Review
Recommendations
Consider adding variable and modifier that will check if msg.sender is Dussehra contract.
address public dussehraContract;
modifier onlyDussehraContract() {
if (msg.sender != dussehraContract) {
revert RamNFT__NotDussehraContract();
}
_;
}
Rewards breakdown
nSLOC
218This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.