Trick or Treat

First Flight #27
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: low
Invalid

Overwriting Existing Treat Names in addTreat Function

Vulnerability Details

The addTreat function allows for adding new treats with an existing name, which overwrites the previous treat entry. This causes the original treat data (such as cost and metadataURI) to be overwritten without notice, leading to potential discrepancies in treat tracking and unexpected NFT metadata.

Code: https://github.com/Cyfrin/2024-10-trick-or-treat/blob/9cb3955058cad9dd28a24eb5162a96d759bfa842/src/TrickOrTreat.sol#L37

Impact

Overwriting treats with the same name results in a loss of the original treat information, which could lead to inaccurate treat listings. This could be especially confusing for users interacting with the contract as they may not expect an updated treat to replace an existing one without any indication.

PoC

```solidity
function test_addTreatOverwriteName() public {
    vm.startPrank(owner);
    enemyContract.addTreat("user0", 0, "0x00");
    // overwriting an existing treat
    enemyContract.addTreat("user0", 1, "0x01");
    vm.stopPrank();
    SpookySwap.Treat memory actual = enemyContract.getTreatList("user0");
    assertEq(actual.cost, 1);
}
```

Tools Used

Manual Reading, Foundry

Recommendations

Add the following check at the beginning of the addTreat function:

```solidity
require(bytes(treatList[_name].name).length == 0, "Treat with this name already exists.");
```

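
The recommended check in context, as an added example that is not part of the original submission or of the audited code. `TreatRegistry` is a hypothetical stand-in for the contract, and the empty-name check is an addition: an empty name leaves the stored name empty, so the length check alone would never flag it as a duplicate. It assumes forge-std is installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for the treat registry; not the audited SpookySwap contract.
contract TreatRegistry {
    struct Treat {
        string name;
        uint256 cost;
        string metadataURI;
    }

    address public immutable owner = msg.sender;
    mapping(string => Treat) public treatList;

    function addTreat(string memory _name, uint256 _cost, string memory _metadataURI) external {
        require(msg.sender == owner, "Not owner");
        // An empty name would leave the stored name empty, so the check below
        // could never detect it as a duplicate; reject it up front.
        require(bytes(_name).length != 0, "Treat name is empty.");
        // The check recommended in the report.
        require(bytes(treatList[_name].name).length == 0, "Treat with this name already exists.");
        treatList[_name] = Treat(_name, _cost, _metadataURI);
    }
}

contract TreatRegistryTest is Test {
    TreatRegistry registry;

    function setUp() public {
        registry = new TreatRegistry(); // this test contract becomes the owner
    }

    function test_duplicateNameReverts() public {
        registry.addTreat("user0", 0, "0x00");
        vm.expectRevert(bytes("Treat with this name already exists."));
        registry.addTreat("user0", 1, "0x01");
        // The first entry is untouched.
        (, uint256 cost, string memory uri) = registry.treatList("user0");
        assertEq(cost, 0);
        assertEq(uri, "0x00");
    }

    function test_emptyNameReverts() public {
        vm.expectRevert(bytes("Treat name is empty."));
        registry.addTreat("", 1, "0x01");
    }
}
```
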
Updates

Appeal created

bube Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

[invalid] Duplicate treats

The function `addTreat` is called by the owner. The owner is trusted. There will be no duplicates.
