Beatland Festival

First Flight #44
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Impact: medium
Likelihood: low
Invalid

Missing Performance Existence Check

Root + Impact

Description

  • No boundary checks for collectionId/itemId allow token ID collisions

Risk

Likelihood:

  • Only causes UX issues (no financial impact).

Impact:

  • Gas waste, false positives for non-existent performances.

Proof of Concept

function test_PhantomPerformance() public {
    // Check non-existent performance #999
    bool isActive = festivalPass.isPerformanceActive(999); // Returns false without error
    // System treats it as valid inactive performance
    assertTrue(!isActive); // But should revert
}

Recommended Mitigation

function isPerformanceActive(uint256 performanceId) public view returns (bool) {
+ require(performanceId < performanceCount, "Invalid ID");
// ... existing logic ...
}
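Review bot: The bound in the added line `require(performanceId < performanceCount, "Invalid ID");` depends on how performance IDs are assigned, which this hunk does not show. If the first performance gets ID 0 and performanceCount is the next unused ID, `<` is correct; if IDs start at 1 or the counter is maintained differently, the check rejects a valid ID or accepts an unused one, so confirm it against the code that creates performances. With this revert in place, the test_PhantomPerformance proof of concept would also need to expect the revert rather than assert `!isActive`, and any caller that relies on a false return for unknown IDs would start reverting.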
Updates

Lead Judging Commences

inallhonesty Lead Judge about 2 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
