Trick or Treat

First Flight #27
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: low
Valid

Wrong value for event `Swapped` in function `trickOrTreat`

Summary

When the 'Double Price' case occurs during execution of the trickOrTreat function and msg.value is less than the required amount, the function does not call mintTreat. Instead, it runs its own logic that mints the NFT to the contract itself and records the caller as the pending recipient, yet it still emits the Swapped event with msg.sender as the recipient.

Vulnerability Details

uint256 tokenId = nextTokenId;
+ _mint(address(this), tokenId);
_setTokenURI(tokenId, treat.metadataURI);
nextTokenId += 1;
pendingNFTs[tokenId] = msg.sender;
pendingNFTsAmountPaid[tokenId] = msg.value;
tokenIdToTreatName[tokenId] = _treatName;
- emit Swapped(msg.sender, _treatName, tokenId);

In this situation the user has paid only part of the NFT's price, so the contract, not the user, becomes the owner of the NFT. However, Swapped is still emitted with msg.sender as the recipient, as if the user had paid the full amount and received the token.

Impact

Front-end applications or other off-chain services that index Swapped events will record the user as the owner of a token that is actually held by the contract. They may therefore behave incorrectly or display inaccurate ownership information, potentially misleading users.

Tools Used

Manual code analysis.

Recommendations

In this branch, emit the event with address(this), the actual owner of the minted token, instead of msg.sender.
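As an added example (not the Trick or Treat contract's own code), the following Foundry file reconstructs the partial-payment branch from the snippet above with the recommended change applied, plus a test that asserts the emitted Swapped value now matches on-chain ownership. The Treat struct, treatList, addTreat, mintPending, the doubled price and the OpenZeppelin ERC721URIStorage base are assumptions made for illustration; only the storage writes and the emit mirror the quoted snippet.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {ERC721URIStorage} from "@openzeppelin/contracts/token/ERC721/extensions/ERC721URIStorage.sol";
import {Test} from "forge-std/Test.sol";

/// Hypothetical stand-in for the partial-payment ("Double Price", msg.value
/// below the doubled cost) branch described in the finding. Names other than
/// those quoted there (Treat, treatList, addTreat, mintPending) are assumed.
contract PendingTreatExample is ERC721URIStorage {
    struct Treat {
        uint256 cost;
        string metadataURI;
    }

    mapping(string => Treat) public treatList;
    mapping(uint256 => address) public pendingNFTs;
    mapping(uint256 => uint256) public pendingNFTsAmountPaid;
    mapping(uint256 => string) public tokenIdToTreatName;
    uint256 public nextTokenId;

    event Swapped(address indexed user, string treatName, uint256 tokenId);

    constructor() ERC721("Treat", "TRT") {}

    function addTreat(string memory treatName, uint256 cost, string memory uri) external {
        treatList[treatName] = Treat(cost, uri);
    }

    /// Mints the treat to the contract itself because the caller underpaid,
    /// records the caller as the pending recipient, and emits Swapped with the
    /// token's actual owner (address(this)) rather than msg.sender.
    function mintPending(string memory _treatName) external payable {
        Treat memory treat = treatList[_treatName];
        uint256 required = treat.cost * 2; // assumption: "Double Price" doubles the cost
        require(msg.value < required, "full payment: not the pending path");

        uint256 tokenId = nextTokenId;
        _mint(address(this), tokenId);
        _setTokenURI(tokenId, treat.metadataURI);
        nextTokenId += 1;
        pendingNFTs[tokenId] = msg.sender;
        pendingNFTsAmountPaid[tokenId] = msg.value;
        tokenIdToTreatName[tokenId] = _treatName;

        // Fix from the Recommendations: report the real owner, not the payer.
        emit Swapped(address(this), _treatName, tokenId);
    }
}

/// Foundry test showing that the corrected event agrees with on-chain state.
contract PendingTreatExampleTest is Test {
    event Swapped(address indexed user, string treatName, uint256 tokenId);

    PendingTreatExample internal ex;

    function setUp() public {
        ex = new PendingTreatExample();
        ex.addTreat("candy", 1 ether, "ipfs://candy"); // constructed sample treat
        vm.deal(address(this), 10 ether);
    }

    function testPendingMintEmitsContractAsOwner() public {
        // Doubled price is 2 ether; pay only 1 ether to hit the pending branch.
        vm.expectEmit(true, false, false, true, address(ex));
        emit Swapped(address(ex), "candy", 0);
        ex.mintPending{value: 1 ether}("candy");

        assertEq(ex.ownerOf(0), address(ex));       // the contract holds the token
        assertEq(ex.pendingNFTs(0), address(this)); // the caller is only a pending recipient
        assertEq(ex.pendingNFTsAmountPaid(0), 1 ether);
    }
}
```

Run it with `forge test --match-contract PendingTreatExampleTest`. If the emit is reverted to `Swapped(msg.sender, ...)`, the `expectEmit` check fails while the ownership assertions still pass, which is exactly the mismatch between the event and on-chain state that the finding describes.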

Updates

Appeal created

bube Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Incorrect Swapped event emission

The protocol emits a Swapped event even when the user has not sent enough ETH to complete the transaction.
