Trick or Treat

First Flight #27
Beginner Friendly, Foundry
Submission Details
Severity: low
Invalid

Cannot change the cost of Treat which has initial cost of 0 ether

Summary

The cost of a treat cannot be updated if the initial cost of the Treat created with the constructor or with function addTreat(string, uint256, string) is 0 ether.

Vulnerability Details

This means that users will never be able to mint an NFT for this treat, because the function trickOrTreat(string) checks that the cost of the treat is > 0.

There is no check that _rate (the cost) of the treat is > 0 in the function.

    function addTreat(
        string memory _name,
        uint256 _rate,
        string memory _metadataURI
    ) public onlyOwner {
        treatList[_name] = Treat(_name, _rate, _metadataURI);
        treatNames.push(_name);
        emit TreatAdded(_name, _rate, _metadataURI);
    }

POC

Add the following test to the class TestTrickOrTreat.t.sol (test class is not part of the project so you have to create it):

    // State variable used by the tests below
    SpookySwap trickOrTreat;

    function setUp() public {
        // Deploy with an empty initial treat list
        trickOrTreat = new SpookySwap(new SpookySwap.Treat[](0));
    }

    function test_cannotChangePriceOfTreat() external {
        // Notice the cost is 0, so once we add treat with cost 0 it cannot be changed again
        trickOrTreat.addTreat("testTreat", 0 ether, "testUrl");
        // Not able to change the cost
        vm.expectRevert();
        trickOrTreat.setTreatCost("testTreat", 1 ether);
    }

Impact

This makes the treat unusable.

Tools Used

foundry

Recommendations

In the function addTreat(string, uint256, string), validate that the cost is > 0 before creating the treat.
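
The recommended check, shown as an added example that is not code from the SpookySwap project or from this submission. The contract name TreatRegistry, the struct field names, the custom errors and the owner handling are hypothetical, and the guard in setTreatCost is an assumption inferred from the revert the PoC expects.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical stand-in for the treat bookkeeping discussed above.
contract TreatRegistry {
    struct Treat {
        string name;
        uint256 cost;
        string metadataURI;
    }

    error NotOwner();
    error ZeroCost(string name);
    error UnknownTreat(string name);

    address public immutable owner = msg.sender;
    mapping(string => Treat) public treatList;
    string[] public treatNames;

    event TreatAdded(string name, uint256 cost, string metadataURI);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    function addTreat(
        string memory _name,
        uint256 _rate,
        string memory _metadataURI
    ) public onlyOwner {
        // Reject a zero cost at creation, so a treat can never be stored
        // in a state that later cost-dependent checks refuse to touch.
        if (_rate == 0) revert ZeroCost(_name);
        treatList[_name] = Treat(_name, _rate, _metadataURI);
        treatNames.push(_name);
        emit TreatAdded(_name, _rate, _metadataURI);
    }

    function setTreatCost(string memory _name, uint256 _cost) public onlyOwner {
        // Assumed guard: a stored cost of 0 is treated as "treat does not exist".
        if (treatList[_name].cost == 0) revert UnknownTreat(_name);
        // Keep the same invariant on update as on creation.
        if (_cost == 0) revert ZeroCost(_name);
        treatList[_name].cost = _cost;
    }
}
```

With the check in addTreat, the PoC's `addTreat("testTreat", 0 ether, "testUrl")` call reverts up front instead of creating a treat whose cost can no longer be changed.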

Updates

Appeal created

bube Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

[invalid] Zero treat cost

The cost of the treat is set only by the owner (in the constructor, in addTreat and in setTreatCost). That means the cost of the treat will always be greater than zero.
