Submission Details
Severity: medium
Valid

Same tokenIds

Summary

A user can pass the same tokenIds as parameters to the ChoosingRam::increaseValuesOfParticipants function.

Vulnerability Details

The ChoosingRam::increaseValuesOfParticipants function increases the characteristics of one of the two RamNFTs whose tokenIds were passed, and selects it as the ram once all of its characteristics have been updated. Which of the two RamNFTs is updated depends on a generated random number.

Code
    function test_SameTokenIds() public Moreparticipants {
        // valid tokenIds are 0,1,2.
        vm.startPrank(player1);
        choosingRam.increaseValuesOfParticipants(0, 0);
        choosingRam.increaseValuesOfParticipants(0, 0);
        choosingRam.increaseValuesOfParticipants(0, 0);
        choosingRam.increaseValuesOfParticipants(0, 0);
        choosingRam.increaseValuesOfParticipants(0, 0);
        vm.stopPrank();
        assertEq(ramNFT.getCharacteristics(0).isJitaKrodhah, true);
        assertEq(ramNFT.getCharacteristics(0).isDhyutimaan, true);
        assertEq(ramNFT.getCharacteristics(0).isVidvaan, true);
        assertEq(ramNFT.getCharacteristics(0).isAatmavan, true);
        assertEq(ramNFT.getCharacteristics(0).isSatyavaakyah, true);
        assertEq(choosingRam.selectedRam(), player1);
    }

Impact

If the user passes the same tokenId for both parameters, then the RamNFT with that tokenId will definitely be chosen.

Tools Used

Manual analysis

Recommendations

Perform checks to stop users from providing the same tokenIds as both parameters.
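
A sketch of the recommended check, added here as an illustration and not the audited contract's code. It is a simplified model in which a `level` counter stands in for the five characteristics; the error name, `register`, `ownerOf`, `level`, the parameter names, the ownership checks and the randomness stand-in are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model of the selection logic, constructed for illustration.
// NOT the audited ChoosingRam contract: `level` (0..5) stands in for the
// five boolean characteristics, and `ownerOf` for the RamNFT owner lookup.
contract ChoosingRamModel {
    error ChoosingRam__SameTokenIds(); // hypothetical error name

    uint256 public constant MAX_LEVEL = 5;
    mapping(uint256 => uint256) public level;
    mapping(uint256 => address) public ownerOf;
    address public selectedRam;
    uint256 private nonce;

    // Hypothetical helper so the model has token owners to work with.
    function register(uint256 tokenId) external {
        require(ownerOf[tokenId] == address(0), "token already registered");
        ownerOf[tokenId] = msg.sender;
    }

    function increaseValuesOfParticipants(uint256 challengerId, uint256 participantId) external {
        // Model assumptions: caller owns the challenger, both tokens exist,
        // and no ram has been selected yet.
        require(ownerOf[challengerId] == msg.sender, "caller is not challenger");
        require(ownerOf[participantId] != address(0), "unknown participant");
        require(selectedRam == address(0), "ram already selected");

        // The recommended guard. Without it, challengerId == participantId
        // means both outcomes of the coin flip upgrade the same token, so
        // five calls are guaranteed to select the caller.
        if (challengerId == participantId) revert ChoosingRam__SameTokenIds();

        // Stand-in for the contract's generated random number
        // (illustrative only, not a secure randomness source).
        uint256 random =
            uint256(keccak256(abi.encodePacked(block.timestamp, msg.sender, nonce++))) % 2;
        uint256 winner = random == 0 ? challengerId : participantId;

        level[winner] += 1;
        if (level[winner] == MAX_LEVEL) {
            selectedRam = ownerOf[winner];
        }
    }
}
```

With the guard in place, the `(0, 0)` calls from the proof of concept revert on the first call instead of deterministically upgrading token 0.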

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Challenge themselves
