Trick or Treat

First Flight #27
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: medium
Invalid

Incorrect Initialization of cost field in Struct

Summary

The cost field in the Treat struct is incorrectly initialized in the addTreat function. In the addTreat function, the field is referred to as uint256 _rate instead of uint256 cost. This mismatch can lead to confusion and improper initialization of the cost value within the struct, potentially leading to incorrect behavior in the contract.

Vulnerability Details

The cost field in the Treat struct is not correctly initialized when creating a Treat. Since the addTreat function uses uint256 _rate instead of uint256 cost, it leads to ambiguity and can result in the cost field being set to the default value of 0. This could cause unintended behavior when treating or displaying the cost of the treat.

The struct is defined as follows:

    struct Treat {
        string name;
        uint256 cost; // Cost in ETH (in wei) to get one treat
        string metadataURI; // URI for the NFT metadata
    }

However, in the addTreat function, the cost is referred to as _rate, creating a mismatch:

    function addTreat(string memory _name, uint256 _rate, string memory _metadataURI) public onlyOwner {
        treatList[_name] = Treat(_name, _rate, _metadataURI);
        treatNames.push(_name);
        emit TreatAdded(_name, _rate, _metadataURI);
    }

The _rate is used to initialize the cost field, but the inconsistency in naming can lead to confusion, especially in future modifications or external reviews.

Impact

If the addTreat function doesn't properly assign the cost value due to the use of _rate, treats could be initialized with a default cost of 0. This would allow users to acquire treats without paying the intended cost, causing loss of revenue or inconsistent contract behavior.

Tools Used

Manual Review

Recommendations

  1. Update the addTreat function to use consistent naming by replacing _rate with cost to avoid ambiguity.

  2. Ensure that when the Treat struct is initialized, the cost is explicitly set to the intended value, preventing the default value of 0 from being used unintentionally.

    struct Treat {
        string name;
        uint256 cost; // Cost in ETH (in wei) to get one treat
        string metadataURI; // URI for the NFT metadata
    }

    function addTreat(string memory _name, uint256 _cost, string memory _metadataURI) public onlyOwner {
        // Properly assign cost to avoid confusion
        treatList[_name] = Treat(_name, _cost, _metadataURI);
        treatNames.push(_name);
        emit TreatAdded(_name, _cost, _metadataURI);
    }

    By updating the addTreat function and using consistent naming, you ensure that the cost field is properly initialized, reducing the risk of treats being assigned a zero cost unintentionally.

Updates

Appeal created

bube Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
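
A Foundry test that checks the initialization claim directly, as an added example that is not part of the submission or the contest code base. Solidity's positional struct constructor assigns arguments in field order, so the parameter name plays no role. `TreatHarness`, `TreatCostTest`, the treat names and the `ipfs://placeholder` URI are constructed for illustration, and `onlyOwner` is omitted so the harness stands alone.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

import {Test} from "forge-std/Test.sol";

// Constructed harness: only the struct and the addTreat body quoted in the
// submission. The access modifier and the rest of the contract are left out.
contract TreatHarness {
    struct Treat {
        string name;
        uint256 cost; // Cost in ETH (in wei) to get one treat
        string metadataURI; // URI for the NFT metadata
    }

    mapping(string => Treat) public treatList;
    string[] public treatNames;

    event TreatAdded(string name, uint256 cost, string metadataURI);

    // Parameter is still called _rate, exactly as in the quoted function.
    function addTreat(string memory _name, uint256 _rate, string memory _metadataURI) public {
        treatList[_name] = Treat(_name, _rate, _metadataURI); // positional: 2nd arg -> cost
        treatNames.push(_name);
        emit TreatAdded(_name, _rate, _metadataURI);
    }
}

contract TreatCostTest is Test {
    TreatHarness internal harness;

    function setUp() public {
        harness = new TreatHarness();
    }

    // A concrete value: the stored cost is the value passed as _rate, not 0.
    function test_CostIsSetFromRateParameter() public {
        harness.addTreat("candy", 0.1 ether, "ipfs://placeholder");
        (string memory name, uint256 cost, string memory uri) = harness.treatList("candy");
        assertEq(name, "candy");
        assertEq(cost, 0.1 ether);
        assertEq(uri, "ipfs://placeholder");
    }

    // Fuzzed: for every input, cost == _rate. It is 0 only when the caller passes 0.
    function testFuzz_CostAlwaysEqualsRate(uint256 rate) public {
        harness.addTreat("fuzzed", rate, "ipfs://placeholder");
        (, uint256 cost,) = harness.treatList("fuzzed");
        assertEq(cost, rate);
    }
}
```

Run it with `forge test` in a project that has forge-std installed.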
