60,000 USDC
Submission Details
Severity:
There is no check for collection existence
Summary
There is no check for collection existence.
Vulnerability Details
The _white_list_collection function assumes that the collection to be removed exists in the list.
if enabled {
self.white_listed_list.write(collection, (enabled, no_value));
if prev.is_zero() {
self.white_listed_head.write(collection);
return;
}
// find last element
loop {
let (_, next) = self.white_listed_list.read(prev);
if next.is_zero() {
break;
}
let (active, _) = self.white_listed_list.read(next);
if !active {
break;
}
prev = next;
};
self.white_listed_list.write(prev, (true, collection));
If the collection doesn't exist in the list, the loop will traverse the entire list without finding the collection. After the loop, it will still execute self.white_listed_list.write(collection, (false, no_value));.
Impact
The function creates a new entry for a non-existent collection and marks it as inactive.
Tools Used
Manual review
Recommendations
Add a check to see if the collection was found, and only modify the state if it was found.
Prize pool breakdown
Total prize
60,000 USDC
nSLOC
2,30126 USDC / LOC
50,000 USDC
5,500 USDC
4,500 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.