Submission Details
Impact:
Likelihood:
[L-5] No checks for amount value in `Snow::buySnow()` can allow for 0 amount purchases
[L-5] No checks for amount value in Snow::buySnow() can allow for 0 amount purchases
Description
-
In the
Snow::buySnow()function, theamountvariable determines the amount of Snow tokens to buy -
There are no checks for checking if the
amountis a valid value
function buySnow(uint256 amount) external payable canFarmSnow {
if (msg.value == (s_buyFee * amount)) {
_mint(msg.sender, amount);
Risk
Likelihood:
Whenever
buySnow()is called with 0 amount
Impact:
Invalid event emitted
Proof of Concept
Add the following test case to the test suite
function testCanBuySnowWithZeroAmount() public {
vm.prank(victory);
snow.buySnow(0);
}
Recommended Mitigation
Add this check at the beginning of buySnow() to revert if amount is 0
+ assert(amount != 0);
Rewards breakdown
nSLOC
215This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.