Severity: high
Valid

User can mint RamNFT without calling enterPeopleWhoLikeRam function in Dussehra.sol

Summary

A user can mint a RamNFT without paying the entrance fee.

Vulnerability Details

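    function test_UserCanMintRamNftWithoutPayingEntranceFee() public {
        // player1 calls RamNFT directly and never goes through enterPeopleWhoLikeRam
        vm.prank(player1);
        ramNFT.mintRamNFT(player1);
        // Token 0 is recorded with player1 as its ram ...
        assertEq(ramNFT.getCharacteristics(0).ram, player1);
        // ... while the Dussehra contract has received no entrance fee
        assert(address(dussehra).balance == 0);
    }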

Impact

A user can participate in Dussehra without paying. There are a few implications:

  1. The amount the organiser receives is half of WantToBeLikeRam.length * entranceFee. The number of users that minted a RamNFT should equal WantToBeLikeRam.length. Because users can mint a RamNFT by calling the mintRamNFT function directly on the RamNFT contract, WantToBeLikeRam.length can be less than the number of RamNFTs minted. The organiser may receive less than they should, potentially down to zero.

  2. Since users can mint a RamNFT without paying the fee, this creates a spam vector where users generate a large number of NFTs to race towards Ram selection. If no Ram has been selected by the end of the event, those who spam the network have a disproportionate chance of being selected as Ram and withdrawing the remaining funds.

Tools Used

Manual Review

Recommendations

Add proper access control to the mintRamNFT function so that only those who paid the entranceFee can mint.
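
One way to apply this recommendation, shown as an added example that is not the project's code: a simplified stand-in for RamNFT whose mintRamNFT accepts calls only from the fee-collecting contract. The names GatedRamNFT, FeeGate, setDussehra, dussehra and entered, and the argument-less payable signature of enterPeopleWhoLikeRam, are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Simplified stand-in for RamNFT (ERC721 plumbing omitted). Only mintRamNFT and
// getCharacteristics come from the finding; every other name is an assumption.
contract GatedRamNFT {
    error NotOrganiser();
    error MinterAlreadySet();
    error NotDussehra();
    struct Characteristics { address ram; }

    address public immutable organiser;
    address public dussehra; // the only address allowed to mint
    uint256 public tokenCounter;
    mapping(uint256 => Characteristics) private characteristics;

    constructor() { organiser = msg.sender; }

    // One-time wiring by the organiser; cannot be repointed afterwards.
    function setDussehra(address _dussehra) external {
        if (msg.sender != organiser) revert NotOrganiser();
        if (dussehra != address(0)) revert MinterAlreadySet();
        dussehra = _dussehra;
    }

    // Hardened mint: a direct call from a player reverts with NotDussehra.
    function mintRamNFT(address to) external {
        if (msg.sender != dussehra) revert NotDussehra();
        characteristics[tokenCounter++] = Characteristics({ram: to});
    }

    function getCharacteristics(uint256 id) external view returns (Characteristics memory) {
        return characteristics[id];
    }
}

// Stand-in for Dussehra: the fee check and the mint happen in one call.
contract FeeGate {
    GatedRamNFT public immutable ramNFT;
    uint256 public immutable entranceFee;
    mapping(address => bool) public entered;
    constructor(GatedRamNFT nft, uint256 fee) { ramNFT = nft; entranceFee = fee; }

    function enterPeopleWhoLikeRam() external payable {
        require(msg.value == entranceFee, "wrong fee");
        require(!entered[msg.sender], "already entered");
        entered[msg.sender] = true;
        ramNFT.mintRamNFT(msg.sender);
    }
}
```

With this gate in place, a direct call such as ramNFT.mintRamNFT(player1) from a player's address reverts with NotDussehra, so every minted token corresponds to one paid entry.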

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

mintRamNFT is public
