Submission Details
Severity:
`addTreat` function updates `treatList` mapping if treat already exists but still appends it to `treatNames` array leading to inconsistent treat data.
addTreat function updates treatList mapping if treat already exists but still appends it to treatNames array leading to inconsistent treat data.
Description:
As treat name is used to get its data, addTreat function should check that only unique names are added. This missing check can lead to treatList mapping getting updated but still new treatName item is pushed if same treat name is added by owner.
Recommended Mitigation:
function addTreat(string memory _name, uint256 _rate, string memory _metadataURI) public onlyOwner {
+ require(bytes(treatList[_name].name).length == 0, "Treat already exists");
treatList[_name] = Treat(_name, _rate, _metadataURI);
Updates
Appeal created
bube about 1 year ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
[invalid] Duplicate treats
The function `addTreat` is called by the owner. The owner is trusted. There will be no duplicates.
Rewards breakdown
nSLOC
109This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.