Trick or Treat

First Flight #27

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Incorrect Initialization of cost field in Struct

hawks

Summary

The cost field in the Treat struct is incorrectly initialized in the addTreat function. In the addTreat function, the field is referred to as uint256 _rate instead of uint256 cost. This mismatch can lead to confusion and improper initialization of the cost value within the struct, potentially leading to incorrect behavior in the contract.

Vulnerability Details

The cost field in the Treat struct is not correctly initialized when creating a Treat. Since the addTreat function uses uint256 _rate instead of uint256 cost, it leads to ambiguity and can result in the cost field being set to the default value of 0. This could cause unintended behavior when treating or displaying the cost of the treat.

The struct is defined as follows:

struct Treat {

string name;

uint256 cost; // Cost in ETH (in wei) to get one treat

string metadataURI; // URI for the NFT metadata

}

However, in the addTreat function, the cost is referred to as _rate, creating a mismatch:

function addTreat(string memory _name, uint256 _rate, string memory _metadataURI) public onlyOwner {

treatList[_name] = Treat(_name, _rate, _metadataURI);

treatNames.push(_name);

emit TreatAdded(_name, _rate, _metadataURI);

}

The _rate is used to initialize the cost field, but the inconsistency in naming can lead to confusion, especially in future modifications or external reviews.

Impact

If the addTreat function doesn't properly assign the cost value due to the use of _rate, treats could be initialized with a default cost of 0. This would allow users to acquire treats without paying the intended cost, causing loss of revenue or inconsistent contract behavior.

Tools Used

Manual Review

Recommendations

** Update the** addTreat function to use consistent naming by replacing _rate with cost to avoid ambiguity.
Ensure that when the Treat struct is initialized, the cost is explicitly set to the intended value, preventing the default value of 0 from being used unintentionally.

struct Treat {
string name;
uint256 cost; // Cost in ETH (in wei) to get one treat
string metadataURI; // URI for the NFT metadata
}

function addTreat(string memory _name, uint256 _cost, string memory _metadataURI) public onlyOwner {
// Properly assign cost to avoid confusion
treatList[_name] = Treat(_name, _cost, _metadataURI);
treatNames.push(_name);
emit TreatAdded(_name, _cost, _metadataURI);
}
By updating the addTreat function and using consistent naming, you ensure that the cost field is properly initialized, reducing the risk of treats being assigned a zero cost unintentionally.

Updates

Appeal created

bube Lead Judge 8 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

nSLOC

109

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.