Eggstravaganza

First Flight #37
Beginner Friendly, Solidity
Submission Details
Severity: medium
Invalid

External Call Vulnerability in NFT Mint Function

Summary
A security vulnerability was identified in the searchForEgg() function where an external call to the NFT contract's mintEgg function could potentially lead to unintended behavior or state inconsistencies. While the contract follows the Checks-Effects-Interactions pattern, the external dependency on the NFT contract introduces risks that need to be addressed.


Vulnerability Details
Location: EggHuntGame.sol, searchForEgg() function
Risk Level: Medium
Description: The contract makes an external call to eggNFT.mintEgg(msg.sender, eggCounter) after updating local state, which could be affected by unexpected behavior in the NFT contract.


Root Cause
The vulnerability stems from the external dependency on the NFT contract's behavior. While the current implementation properly updates state before making the external call, there are several potential risks:

The NFT contract could have its own vulnerabilities
The mint operation could fail unexpectedly
State inconsistencies could occur if the mint fails
The NFT contract might have reentrancy vulnerabilities


Impact
If exploited, this vulnerability could lead to:

Inconsistent game state
Failed egg minting operations
Potential loss of funds

Tools Used
Foundry
Solidity compiler
Ethers.js for testing utilities


Proof of Concept (PoC):

Secure Implementation with Error Handling

    function searchForEgg() external {
        require(gameActive, "Game not active");
        require(block.timestamp >= startTime, "Game not started yet");
        require(block.timestamp <= endTime, "Game ended");
        uint256 random = uint256(
            keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender, eggCounter))
        ) % 100;
        if (random < eggFindThreshold) {
            eggCounter++;
            eggsFound[msg.sender] += 1;
            // Check mint result
            (bool success, bytes memory data) = eggNFT.mintEgg(msg.sender, eggCounter);
            require(success, "NFT mint failed");
            emit EggFound(msg.sender, eggCounter, eggsFound[msg.sender]);
        }
    }

This implementation adds proper error handling for the external call to mintEgg. It uses the low-level call syntax to capture both the success status and return data, ensuring that any failure in the NFT contract is properly handled and doesn't leave the game contract in an inconsistent state.

Updates

Lead Judging Commences

m3dython Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
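
Added example, not part of the submission or the contest code: what each Solidity external-call form does when the callee reverts, and which form actually yields a (bool, bytes) pair. The names IMinter, FailingMinter and Game, and the bool return type given to mintEgg, are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical stand-ins for illustration; not the contest's contracts.
interface IMinter {
    function mintEgg(address to, uint256 tokenId) external returns (bool);
}

contract FailingMinter is IMinter {
    function mintEgg(address, uint256) external pure returns (bool) {
        revert("mint failed"); // constructed failure case
    }
}

contract Game {
    IMinter public immutable minter;
    uint256 public eggCounter;

    constructor(IMinter _minter) { minter = _minter; }

    // High-level call: a revert inside mintEgg bubbles up and reverts this
    // whole transaction, so the eggCounter++ before it is rolled back too.
    function findHighLevel() external {
        eggCounter++;
        minter.mintEgg(msg.sender, eggCounter);
    }

    // Low-level call: the only form that returns (bool, bytes). The callee's
    // revert becomes success == false and execution continues, so the
    // explicit require is what restores all-or-nothing behaviour.
    function findLowLevel() external {
        eggCounter++;
        (bool success, bytes memory data) = address(minter).call(
            abi.encodeCall(IMinter.mintEgg, (msg.sender, eggCounter))
        );
        require(success && abi.decode(data, (bool)), "NFT mint failed");
    }

    // try/catch: the callee's revert is caught and this function keeps
    // running, so effects made before the call must be undone by hand.
    function findTryCatch() external returns (bool minted) {
        eggCounter++;
        try minter.mintEgg(msg.sender, eggCounter) returns (bool ok) {
            minted = ok;
        } catch {
            eggCounter--; // undo the effect made before the failed interaction
        }
    }
}
```

With FailingMinter deployed as the minter, findHighLevel and findLowLevel both revert and leave eggCounter unchanged, while findTryCatch returns false and leaves eggCounter unchanged only because of the explicit decrement.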
