Memorabilia Collection Activation State Can't Be Changed After Creation
Root + Impact
Description
-
Normal Behavior:
The contract allows the organizer to create memorabilia collections, each with anactivestate that determines whether the collection can be interacted with (e.g., redeemed, minted, or displayed). In robust systems, it should be possible to change the activation state after creation to respond to mistakes, abuse, or changing requirements.Issue:
Currently, the activation state of a memorabilia collection is set only at creation and cannot be changed later. If a collection is mistakenly created as inactive, it can never be activated. Conversely, if a collection is created as active, it cannot be paused or disabled in response to abuse, bugs, or policy changes. This limits the organizer’s ability to manage collections and respond to operational needs.
Risk
Likelihood:
Mistakes or changing requirements are common in production environments.
Impact:
Inactive collections are permanently unusable; active collections cannot be paused or disabled if needed, reducing operational flexibility.
Proof of Concept
Organizer creates a memorabilia collection with
active = false.Organizer later wants to activate the collection, but there is no function to do so.
The collection remains permanently inactive and unusable.
Recommended Mitigation
Add a function to allow the organizer (or owner) to change the activation state of a memorabilia collection after creation.
Lead Judging Commences
createMemorabiliaCollection with isActive false for later usage - flow not properly implemented.
Low because an organizer can use it with active = true and organizer is trusted.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.