First Flight #17: Dussehra
First Flight #17
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: high
Invalid

Incorrect Check for Token ID Validity

0xdevin

Vulnerability Details

the checks if (tokenIdOfChallenger >= ramNFT.tokenCounter()) and if (tokenIdOfAnyParticipant >= ramNFT.tokenCounter()) do not consider the case where ramNFT.tokenCounter() is zero. If ramNFT.tokenCounter() returns zero, any token ID will be considered valid, which is incorrect.

if (tokenIdOfChallenger >= ramNFT.tokenCounter()) {
revert ChoosingRam__InvalidTokenIdOfChallenger();
}
if (tokenIdOfAnyParticipant >= ramNFT.tokenCounter()) {
revert ChoosingRam__InvalidTokenIdOfParticipant();
}

Impact

Suppose ramNFT.tokenCounter() is zero, indicating that no tokens have been minted yet. In this case, the checks as they stand will allow any - tokenIdOfChallenger or tokenIdOfAnyParticipant to be considered valid:

  • ramNFT.tokenCounter() returns 0.
    Any tokenIdOfChallenger or tokenIdOfAnyParticipant (e.g., 1, 2, 3) will be valid because tokenId >= 0 is false for all positive integers.
    This will cause the function to proceed with invalid token IDs, leading to unexpected behavior and potential exploits.

Tools Used

none

Recommendations

To prevent this issue, the token ID validity checks should be updated to ensure that ramNFT.tokenCounter() is greater than zero and that the token ID is within the valid range.

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.