Trick or Treat

First Flight #27
Beginner FriendlyFoundry
100 EXP
View results
Submission Details
Severity: low
Invalid

[EVMN] Potential Duplicated Name Causes Treat Data Overwrite

Summary

If the owner adds a treat in which the name already exists, the existing data will be overwritten.

Vulnerability Details

Function addTreat() allows the owner to add a new treat. Since the treat's name is the key to the mapping treatList, if the owner adds a new treat with an identical name with an existing treat, then the existing treat will be overwritten with the new one. This is because there is no check to prevent this case to occur.

Impact

Overwritten existing data.

Tools Used

Manual review.

Recommendations

Consider adding a check to prevent duplicated treat names.

Updates

Appeal created

bube Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

[invalid] Duplicate treats

The function `addTreat` is called by the owner. The owner is trusted. There will be no duplicates.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.