Beginner Friendly, Foundry, NFT
Submission Details
Severity: high
Valid

Public `RamNFT::mintRamNFT` Function Allows for Direct Minting, Bypassing the `entranceFee` Check in `Dussehra::enterPeopleWhoLikeRam`

Summary

`RamNFT::mintRamNFT` is `public` and has no access control, so anyone can call it directly and mint Ram NFTs for free, bypassing the `entranceFee` that `Dussehra::enterPeopleWhoLikeRam` charges on the intended path.

Vulnerability Details

`mintRamNFT` is declared `public` with no restriction on the caller. The intended way to obtain a Ram NFT is `Dussehra::enterPeopleWhoLikeRam`, which collects the `entranceFee` before minting; calling `RamNFT::mintRamNFT` directly skips that check entirely, and nothing limits how many tokens a single address can mint this way.

Add the following test case to Dussehra.t.sol:

Test Case
function test_publicRamNFTMint() public {
    uint256 NUM_NFTS_TO_MINT = 100;
    // `player1` holds no ether, so every mint below is free of charge
    assertEq(address(player1).balance, 0 ether);
    // mint NFTs directly, bypassing Dussehra::enterPeopleWhoLikeRam
    vm.startPrank(player1);
    for (uint256 i; i < NUM_NFTS_TO_MINT; i++) {
        ramNFT.mintRamNFT(address(player1));
    }
    vm.stopPrank();
    // `player1` now owns every minted NFT without having paid the entranceFee
    assertEq(ramNFT.balanceOf(address(player1)), NUM_NFTS_TO_MINT);
}

Then, run the test:

forge test --mt test_publicRamNFTMint -vvvvv

Impact

Anyone can mint an arbitrary number of Ram NFTs directly and for free, bypassing the `entranceFee` required by `Dussehra::enterPeopleWhoLikeRam`. The fee check in the entrance function therefore provides no protection, and any game logic or accounting that assumes every Ram NFT holder paid the fee is undermined.

Tools Used

Manual Review

Recommendations

Add the onlyChoosingRamContract modifier to mintRamNFT to ensure only the ChoosingRam contract can mint Ram NFTs.

- function mintRamNFT(address to) public {
+ function mintRamNFT(address to) public onlyChoosingRamContract {
uint256 newTokenId = tokenCounter++;
_safeMint(to, newTokenId);
Characteristics[newTokenId] = CharacteristicsOfRam({
ram: to,
isJitaKrodhah: false,
isDhyutimaan: false,
isVidvaan: false,
isAatmavan: false,
isSatyavaakyah: false
});
}
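Review bot: the modifier chosen in this hunk, `onlyChoosingRamContract`, gates `mintRamNFT` to the ChoosingRam contract, but the finding's title identifies `Dussehra::enterPeopleWhoLikeRam` as the legitimate, fee-paying mint path. Unless the Dussehra contract is the address that modifier checks, this change would block the legitimate entrance flow as well as the free mint. Confirm which contract actually calls `mintRamNFT` in the entrance flow and gate on that caller (for example, a modifier that reverts unless `msg.sender` is the Dussehra contract address recorded at deployment), then re-run the existing entrance tests together with `test_publicRamNFTMint`, which should now revert.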
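As an added illustration of the recommended pattern (example code, not the Dussehra project's own contracts): a minimal ERC721 whose mint is gated to a single trusted caller fixed at deployment, a stand-in fee-collecting contract that is that caller, and Foundry tests showing that the direct mint from this finding now reverts while the fee-paying path still works. The contract, modifier, error and function names (`GatedRamNFT`, `onlyMinter`, `FeeGate`, `enter`) are assumptions chosen for the example and do not correspond to identifiers in the audited code.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustrative example, not the Dussehra project's code. Contract,
// modifier, error and function names are assumptions; the point is the
// pattern: an ERC721 whose mint accepts exactly one trusted caller, set once.
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {Test} from "forge-std/Test.sol";

contract GatedRamNFT is ERC721 {
    error GatedRamNFT__NotMinter();

    address public immutable minter; // the only address allowed to mint
    uint256 public tokenCounter;

    modifier onlyMinter() {
        if (msg.sender != minter) revert GatedRamNFT__NotMinter();
        _;
    }

    constructor(address _minter) ERC721("RamNFT", "RAM") {
        minter = _minter;
    }

    // Vulnerable shape from the finding, for comparison (no caller check):
    // function mintRamNFT(address to) public { _safeMint(to, tokenCounter++); }

    // Hardened: only the trusted minter contract can reach _safeMint.
    function mintRamNFT(address to) public onlyMinter {
        uint256 newTokenId = tokenCounter++;
        _safeMint(to, newTokenId);
    }
}

// Stand-in for the contract that charges the entrance fee and then mints.
contract FeeGate {
    error FeeGate__WrongFee();

    uint256 public immutable entranceFee;
    GatedRamNFT public immutable nft;

    constructor(uint256 _fee) {
        entranceFee = _fee;
        nft = new GatedRamNFT(address(this)); // this contract is the sole minter
    }

    function enter() external payable {
        if (msg.value != entranceFee) revert FeeGate__WrongFee();
        nft.mintRamNFT(msg.sender);
    }
}

contract GatedRamNFTTest is Test {
    FeeGate gate;
    GatedRamNFT nft;
    address player1 = makeAddr("player1");

    function setUp() public {
        gate = new FeeGate(1 ether);
        nft = gate.nft();
    }

    // Regression test for the finding: a direct mint must now revert.
    function test_directMintReverts() public {
        vm.prank(player1);
        vm.expectRevert(GatedRamNFT.GatedRamNFT__NotMinter.selector);
        nft.mintRamNFT(player1);
        assertEq(nft.balanceOf(player1), 0);
    }

    // The legitimate fee-paying path still mints through the gate contract.
    function test_mintViaFeeGate() public {
        vm.deal(player1, 1 ether);
        vm.prank(player1);
        gate.enter{value: 1 ether}();
        assertEq(nft.balanceOf(player1), 1);
        assertEq(nft.ownerOf(0), player1);
    }

    // Paying the wrong fee is rejected before any mint happens.
    function test_wrongFeeReverts() public {
        vm.deal(player1, 1 ether);
        vm.prank(player1);
        vm.expectRevert(FeeGate.FeeGate__WrongFee.selector);
        gate.enter{value: 0.5 ether}();
    }
}
```

Run with `forge test --mc GatedRamNFTTest -vvv` in a project that has `forge-std` and OpenZeppelin installed. The minter address is `immutable` and set in the constructor so it cannot be changed after deployment; if the real contracts need the minter to be configurable, the same check applies but the setter itself must be restricted to the organiser.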
Updates

Lead Judging Commences

bube (Lead Judge), about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

mintRamNFT is public
