Trick or Treat

First Flight #27
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: low
Invalid

Incorrect check of treat cost in the setTreatCost function leads to the function becoming uninvokable after the treat cost is set to zero.

Description:
In the setTreatCost function, if the cost is set to zero once, the function cannot be called again, as the require statement check will always revert.

Impact:
If the cost is set to zero once, it will lead to denial of service of the setTreatCost function.

Proof of concept:
Add the following test case and run the forge test command.

function test_dosAfterZeroTreatCost() external {
    vm.startPrank(owner);
    tot.setTreatCost(treats[0].name, 0);
    vm.expectRevert("Treat must cost something.");
    tot.setTreatCost(treats[0].name, 123);
    vm.stopPrank();
}

Recommended Mitigation:
Replace the cost check with the statement below.

- require(treatList[_treatName].cost > 0, "Treat must cost something.");
+ require(_cost > 0, "Treat must cost something.");
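
Review bot: the replacement on the + line validates only the new _cost argument and no longer reads treatList[_treatName].cost, so after this change nothing in the check ties the call to a treat that already exists. If treatList is a mapping (an assumption; its declaration is not shown here), an unknown _treatName has a stored cost of 0 and was rejected by the removed line, whereas the new line would let it through. Consider keeping a separate existence check next to require(_cost > 0, "Treat must cost something."), with its own revert message, so the function rejects both a zero cost and an unknown treat name.
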
Updates

Appeal created

bube Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

[invalid] Zero treat cost

The cost of the treat is set only by the owner (in the constructor, in addTreat and in setTreatCost). That means the cost of the treat will always be greater than zero.
