Submission Details
Severity:
Snowman::mintSnowman can be called by anyone because lack the check of msg.sender
Root + Impact
Description
Snowman::mintSnowman can be called by anyone
function mintSnowman(address receiver, uint256 amount) external {
for (uint256 i = 0; i < amount; i++) {
_safeMint(receiver, s_TokenCounter);
emit SnowmanMinted(receiver, s_TokenCounter);
s_TokenCounter++;
}
}
Risk
High
Likelihood:
-
always
Impact:
Snowman::mintSnowman can be called by anyone
Proof of Concept
copy the code in TestSnowmanAirdrop.t.sol and run forge test --mt testNftcanbemintbyanyone -vvv
anyone can mint a snownft
function testNftcanbemintbyanyone() public {
// Mint 5 snowman to the airdrop contract
vm.startPrank(satoshi);
nft.mintSnowman(satoshi, 5);
vm.stopPrank();
assert(nft.getTokenCounter() == 5);
}
Recommended Mitigation
check the msg.sender is SnowmanAirdrop
Updates
Lead Judging Commences
yeahchibyke 3 months ago
Submission Judgement Published Assigned finding tags:
Unrestricted NFT mint function
The mint function of the Snowman contract is unprotected. Hence, anyone can call it and mint NFTs without necessarily partaking in the airdrop.
Rewards breakdown
nSLOC
215This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.