Trick or Treat

First Flight #27
Beginner Friendly, Foundry
100 EXP

Submission Details
Severity: high
Status: Invalid

Trick Bypass via Revert

Summary

Revert when the outcome is a Trick, but let the payment go through when it is the normal cost or a Treat.

Vulnerability Details

I deployed a separate smart contract that would send ETH slightly higher than the cost, but still below the Trick cost; e.g. if a Treat costs 0.5 ETH, I would send 0.6 ETH. If my contract received a refund, it would mean that I did not get a random Trick, and the transaction would go through; however, if I did not receive a refund due to a Trick, my contract would revert the transaction immediately, preventing the amount from being spent.

Impact

It allows users to circumvent the Trick outcome entirely, so they only ever pay the Treat or the standard cost.

Tools Used

forge test -vvv, tested with the following contract:

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal interface for the protocol's SpookySwap contract, declared here so the
// snippet compiles stand-alone (in the test it is imported from the project);
// only the one function this contract calls is assumed.
interface SpookySwap {
    function trickOrTreat(string memory _treatName) external payable;
}

contract TrickDetector {
    SpookySwap public spookySwap;
    bool public receivedRefund;   // set when SpookySwap sends ETH back
    uint256 public refundAmount;

    constructor(address _spookySwap) {
        spookySwap = SpookySwap(_spookySwap);
    }

    // Pays msg.value (above the base cost, below the Trick cost) and reverts the
    // whole call unless a refund arrived, i.e. unless the outcome was not a Trick.
    function attempt(string memory treatName) external payable {
        receivedRefund = false;
        refundAmount = 0;
        spookySwap.trickOrTreat{value: msg.value}(treatName);
        require(receivedRefund, "No refund received - must be trick case");
    }

    // The refund from SpookySwap lands here and flips the flag read by attempt().
    receive() external payable {
        receivedRefund = true;
        refundAmount = msg.value;
    }
}

Recommendations

If it is a Trick, still refund the excess and hold only the base cost; the refund then looks the same for every outcome, so a caller cannot tell from it whether it got a Trick, a Treat, or the normal cost.

Alternatively, use a commit-reveal scheme: users pay 0.5 ETH and the Trick-or-Treat outcome stays pending. If it resolves to a Trick, require them to pay the surcharge in order to reveal; otherwise they just reveal.
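As an added illustration of the commit-reveal recommendation (this is not the submission's PoC and not the protocol's own code), the sketch below splits payment and outcome into two transactions. The contract and function names, the 0.5 ether `BASE_COST`, the blockhash-derived outcome and the rule that a reveal attempted after the blockhash window expires counts as a Trick are all assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical contract for illustration only; not the TrickOrTreat code base.
contract CommitRevealTreats {
    uint256 public constant BASE_COST = 0.5 ether; // assumed base price

    struct Purchase {
        uint64 commitBlock; // block in which the base cost was paid
        bool revealed;
    }
    mapping(address => Purchase) public purchases;

    event Committed(address indexed buyer, uint256 commitBlock);
    event Revealed(address indexed buyer, bool trick);

    // Step 1: pay the base cost. Nothing about Trick/Treat is decided here, so
    // there is no refund, return value or state change that encodes the outcome
    // for a calling contract to branch on.
    function commit() external payable {
        Purchase storage p = purchases[msg.sender];
        require(p.commitBlock == 0 || p.revealed, "purchase pending");
        require(msg.value == BASE_COST, "pay exactly the base cost");
        purchases[msg.sender] = Purchase({commitBlock: uint64(block.number), revealed: false});
        emit Committed(msg.sender, block.number);
    }

    // Step 2, in a later transaction: the outcome is derived from a block hash the
    // buyer could not know at commit time. A Trick must be paid for to complete
    // the reveal; a Treat completes for free.
    function reveal() external payable {
        Purchase storage p = purchases[msg.sender];
        require(p.commitBlock != 0 && !p.revealed, "nothing to reveal");
        require(block.number > p.commitBlock + 1, "wait for the next block");

        // blockhash() returns 0 for blocks older than 256; a buyer who saw a
        // Trick coming and stalled past the window is treated as a Trick (assumed rule).
        bytes32 h = blockhash(p.commitBlock + 1);
        bool trick = h == bytes32(0)
            ? true
            : uint256(keccak256(abi.encodePacked(h, msg.sender))) % 2 == 0;

        if (trick) {
            require(msg.value == BASE_COST, "trick: pay the surcharge to reveal");
        } else {
            require(msg.value == 0, "treat: nothing more to pay");
        }
        p.revealed = true;
        emit Revealed(msg.sender, trick);
        // mint / deliver the treat here
    }
}
```

The property that matters is that `commit()` has no outcome-dependent branch at all, so a wrapper contract has nothing to observe in the paying transaction. Note that the first recommendation (always refund down to the base cost) closes only the refund-amount channel; any other outcome-dependent effect a caller can read in the same transaction would serve the same purpose, which is why the two-transaction design is the more robust fix. A block hash is also a weak randomness source for a production contract; a VRF-style oracle would replace it without changing the commit-reveal structure shown here.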

Updates

Appeal created

bube (Lead Judge), 10 months ago: Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

0xjunwei (Submitter), 10 months ago
bube (Lead Judge), 10 months ago
