Trick or Treat

First Flight #27
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: low
Invalid

Missing Check for Zero Rate in addTreat Function

Vulnerability Details

The addTreat function does not check if the _rate value is set to zero before adding a new Treat. As a result, a treat with a cost of zero can be created, allowing users to mint NFTs for free if selected in the trickOrTreat function.

Code: https://github.com/Cyfrin/2024-10-trick-or-treat/blob/9cb3955058cad9dd28a24eb5162a96d759bfa842/src/TrickOrTreat.sol#L37

Impact

If _rate is set to zero, any user may mint the treat NFT without paying, potentially leading to an unintended loss of NFT value or an exploitable contract design.

PoC

function test_RateToZero() public {
    vm.startPrank(owner);
    // adding a treat with _rate value 0
    enemyContract.addTreat("user0", 0, "0x00");
    vm.stopPrank();
    SpookySwap.Treat memory actual = enemyContract.getTreatList("user0");
    assertEq(actual.cost, 0);
}

Tools Used

Manual Read, Foundry

Recommendations

Add the following check at the beginning of the addTreat function:

require(_rate > 0, "Treat cost must be greater than zero.");
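
The same zero-cost check applied on every path that sets a cost (constructor, addTreat and setTreatCost), shown as an added example that is not the contest's TrickOrTreat.sol. The contract name TreatRegistry, the struct fields, the treats mapping and the error names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

// Illustrative stand-in, NOT the SpookySwap source. The struct layout, the
// TreatRegistry name and the error names are assumptions for this example.
contract TreatRegistry {
    struct Treat {
        string name;
        uint256 cost;
        string metadataURI;
    }

    error NotOwner();
    error ZeroTreatCost();
    error UnknownTreat(string name);

    address public immutable owner;
    mapping(string => Treat) public treats;

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor(Treat[] memory initial) {
        owner = msg.sender;
        for (uint256 i = 0; i < initial.length; i++) {
            _storeTreat(initial[i].name, initial[i].cost, initial[i].metadataURI);
        }
    }

    function addTreat(string memory _name, uint256 _rate, string memory _metadataURI) external onlyOwner {
        _storeTreat(_name, _rate, _metadataURI);
    }

    function setTreatCost(string memory _name, uint256 _cost) external onlyOwner {
        if (treats[_name].cost == 0) revert UnknownTreat(_name); // stored cost is never 0
        if (_cost == 0) revert ZeroTreatCost();
        treats[_name].cost = _cost;
    }

    // Single choke point: every path that writes a new treat validates the price.
    function _storeTreat(string memory _name, uint256 _rate, string memory _uri) private {
        if (_rate == 0) revert ZeroTreatCost();
        treats[_name] = Treat(_name, _rate, _uri);
    }
}
```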

Updates

Appeal created

bube Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

[invalid] Zero treat cost

The cost of the treat is set only by the owner (in the constructor, in addTreat and in setTreatCost). That means the cost of the treat will always be greater than zero.
