Submission Details
Severity:
Public `RamNFT::mintRamNFT` Function Allows for Direct Minting, Bypassing the `entranceFee` Check in `Dussehra::enterPeopleWhoLikeRam`
Summary
Missing access controls for mintRamNFT allows anyone to mint NFTs for free, without paying the entranceFee.
Vulnerability Details
Improper access control for the mintRamNFT function allows anyone to mint NFTs.
Add the following test case to Dussehra.t.sol:
Test Case
function test_publicRamNFTMint() public {
uint256 NUM_NFTS_TO_MINT = 100;
// assert that `player1` has no ether, so NFTs are minted for free
assertEq(address(player1).balance, 0 ether);
// mint NFTs
vm.startPrank(player1);
for (uint256 i; i < NUM_NFTS_TO_MINT; i++) {
ramNFT.mintRamNFT(address(player1));
}
vm.stopPrank();
// assert that the NFT balance of `player1` is the same
assertEq(ramNFT.balanceOf(address(player1)), NUM_NFTS_TO_MINT);
}
Then, run the test:
forge test --mt test_publicRamNFTMint -vvvvv
Impact
NFTs can be minted for free, without paying the entranceFee.
Tools Used
Manual Review
Recommendations
Add the onlyChoosingRamContract modifier to mintRamNFT to ensure only the ChoosingRam contract can mint Ram NFTs.
- function mintRamNFT(address to) public {
+ function mintRamNFT(address to) public onlyChoosingRamContract {
uint256 newTokenId = tokenCounter++;
_safeMint(to, newTokenId);
Characteristics[newTokenId] = CharacteristicsOfRam({
ram: to,
isJitaKrodhah: false,
isDhyutimaan: false,
isVidvaan: false,
isAatmavan: false,
isSatyavaakyah: false
});
}
Rewards breakdown
nSLOC
218This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.