Bid Beasts

First Flight #49
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Impact: high
Likelihood: high
Invalid

Test Suite Bug/Vulnerability: Missing Test Coverage for Critical Vulnerabilities

High: Missing Test Coverage for Critical Vulnerabilities

Description

  • The test suite lacks coverage for several critical vulnerabilities present in the contracts.

  • No tests exist for high-severity issues like the withdrawAllFailedCredits theft vulnerability, NFT burn authorization bypass, or reentrancy attacks.

Risk

Likelihood:

  • Critical bugs go undetected without test coverage

  • Vulnerabilities reach production unnoticed

Impact:

  • False confidence in contract security

  • Critical vulnerabilities remain undetected

  • Potential for significant financial losses

Recommended Mitigation

Add comprehensive test coverage for all identified vulnerabilities:

// Test for H-1: Anyone can steal failed credits
function test_StealFailedCredits() public {
    // Setup victim with failed credits
    // Attacker calls withdrawAllFailedCredits(victim)
    // Verify attacker receives funds
}

// Test for NFT H-1: Anyone can burn any NFT
function test_AnyoneCanBurnAnyNFT() public {
    // Mint NFT to owner
    // Different user burns it without permission
    // Verify NFT is destroyed
}

// Test for H-2: Reentrancy in buy-now
function test_ReentrancyInBuyNow() public {
    // Deploy malicious bidder contract
    // Trigger reentrancy during refund
    // Verify attack is prevented or succeeds
}

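A filled-in version of the first stub, written as a Foundry regression test; this is an added example, not code from the submission or from the BidBeasts project. The `CreditsStandIn` contract, its `recordFailedRefund` helper and the body of `withdrawAllFailedCredits` are assumptions standing in for the real marketplace; only the function name comes from the finding. The test asserts the security property, so it fails against the flawed stand-in and passes once the withdrawal is bound to the credit owner.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Constructed stand-in, NOT the BidBeasts contract: only the function name
// withdrawAllFailedCredits(address) comes from the finding; the body is an
// assumed shape of the bug (balance read from the argument, paid to the caller).
contract CreditsStandIn {
    mapping(address => uint256) public failedTransferCredits;

    // Hypothetical helper standing in for a refund that could not be delivered.
    function recordFailedRefund(address to) external payable {
        failedTransferCredits[to] += msg.value;
    }

    function withdrawAllFailedCredits(address receiver) external {
        uint256 amount = failedTransferCredits[receiver];
        require(amount > 0, "no credits");
        failedTransferCredits[receiver] = 0;
        (bool ok,) = payable(msg.sender).call{value: amount}(""); // flaw: pays the caller
        require(ok, "transfer failed");
    }
}

contract FailedCreditsTest is Test {
    CreditsStandIn internal market;
    address internal victim = makeAddr("victim");
    address internal other = makeAddr("other");

    function setUp() public {
        market = new CreditsStandIn();
        vm.deal(address(this), 1 ether);
        market.recordFailedRefund{value: 1 ether}(victim);
    }

    // Property: credits recorded for `victim` never reach a different caller.
    // Holds whether a fix reverts for third parties or pays `receiver` instead.
    function test_FailedCreditsOnlyReachTheirOwner() public {
        vm.prank(other);
        try market.withdrawAllFailedCredits(victim) {} catch {}
        assertEq(other.balance, 0, "third party received victim's credits");
        assertEq(market.failedTransferCredits(victim) + victim.balance, 1 ether, "victim's credits lost");
    }
}
```

Asserting the invariant rather than "attacker receives funds" lets the same test stay in the suite after the fix and guard against regressions.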
Updates

Lead Judging Commences

cryptoghost Lead Judge 23 days ago
Submission Judgement Published
Invalidated
Reason: Out of scope
