Trick or Treat

First Flight #27
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: high
Invalid

`setTreatCost()` should not exist in the contract

Summary

The setTreatCost() function does the work of manipulating the cost of treats already defined in the addTreat() function.

Vulnerability Details

The setTreatCost() function defined in line 43 of SpookySwap takes a treat struct and the new cost as arguments. This changes the cost of the treat already defined in the addTreat() function to the new cost passed as an argument to the function.

Impact

This ability to manipulate the cost of treats puts the user at risk of paying more than anticipated for a swap without falling for a trick.

Tools Used

Manual Review

Recommendations

The check used in the setTreatCost() function to ensure that treat prices cost more than zero should be used in addTreat(), and setTreatCost() should be deleted, as it is of no importance to the logic of the protocol.

Updates

Appeal created

bube Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
