Submission Details
Severity:
Blocking 'earnSnow()' by Executing 'buySnow()'
Description: Calling 'buySnow()' sets 's_earnTimer', which is used to restrict 'earnSnow()'.
Impact: Any user who buys Snow resets the earn timer for the entire system, blocking legitimate use.
Proof of Concept: Include the following test in the TestSnow.t.sol file:
function testCanEarnSnowAfterBuy() public {
vm.prank(victory);
snow.buySnow{value: FEE}(1);
vm.prank(victory);
vm.expectRevert();
snow.earnSnow();
}
Recommended Mitigation: Remove 's_earnTimer' entirely from 'buySnow()':
function buySnow(uint256 amount) external payable canFarmSnow {
// ...
- s_earnTimer = block.timestamp;
emit SnowBought(msg.sender, amount);
}
Updates
Lead Judging Commences
yeahchibyke 3 months ago
Submission Judgement Published Assigned finding tags:
buying of snow resets global timer thus affecting earning of free snow
When buySnow is successfully called, the global timer is reset. This inadvertently affects the earning of snow as that particular action also depends on the global timer.
Rewards breakdown
nSLOC
215This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.