Santa's List

AI First Flight #3
Impact: high
Likelihood: high
Invalid

The `SantasList::_mintAndIncrement` function mints the NFT only to the caller and accepts no parameters.

The SantasList::_mintAndIncrement function mints the NFT only to the caller and accepts no parameters. It is used by another function that should mint to the recipient's address, but instead it mints to msg.sender.

Description

The function takes no parameters, which means it always mints to the caller. This is wrong for its use in SantasList::buyPresent, which should give the NFT to the address passed as a parameter; instead the NFT is received by msg.sender.

```solidity
@> function _mintAndIncrement() private {
@>     _safeMint(msg.sender, s_tokenCounter++);
   }
```

Risk

**Every time SantasList::buyPresent is called, the gift is received by msg.sender.**
This breaks the core business logic of the protocol: it is impossible to send a gift to anyone else.


Proof of Concept

Recommended Mitigation

Add an address parameter for the account that should receive the NFT, and pass it through to _safeMint so the gift goes to that address.

```diff
- function _mintAndIncrement() private {
-     _safeMint(msg.sender, s_tokenCounter++);
- }
+ function _mintAndIncrement(address to) private {
+     _safeMint(to, s_tokenCounter++);
+ }
```
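A runnable Foundry illustration of the behaviour described in the Risk section and of the parameterised `_mintAndIncrement(address to)` from the mitigation above. This is an added example, not part of the original submission or of the SantasList code: both contracts are minimal ERC721 stand-ins, the `buyPresent(address)` bodies and the constructor arguments are assumptions (the original `buyPresent` is not shown on this page), and `MintToRecipientList` applies the recommended fix.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {Test} from "forge-std/Test.sol";

// Constructed stand-in for SantasList (assumption: only the mint path is modelled).
// Reproduces the reported pattern: the recipient argument is never used.
contract MintToSenderList is ERC721 {
    uint256 private s_tokenCounter;

    constructor() ERC721("SantasList", "SANTA") {}

    // Assumed signature; the parameter is intentionally ignored here.
    function buyPresent(address /* presentReceiver */) external {
        _mintAndIncrement();
    }

    // Same shape as the function quoted in the report: always mints to msg.sender.
    function _mintAndIncrement() private {
        _safeMint(msg.sender, s_tokenCounter++);
    }
}

// Same stand-in with the recommended mitigation applied.
contract MintToRecipientList is ERC721 {
    uint256 private s_tokenCounter;

    constructor() ERC721("SantasList", "SANTA") {}

    function buyPresent(address presentReceiver) external {
        _mintAndIncrement(presentReceiver);
    }

    // Recipient is passed through to _safeMint.
    function _mintAndIncrement(address to) private {
        _safeMint(to, s_tokenCounter++);
    }
}

contract MintRecipientTest is Test {
    address buyer = makeAddr("buyer");
    address friend = makeAddr("friend");

    // Unfixed: the buyer ends up owning the token meant for `friend`.
    function test_mintToSender_ignoresRecipient() public {
        MintToSenderList list = new MintToSenderList();
        vm.prank(buyer);
        list.buyPresent(friend);
        assertEq(list.ownerOf(0), buyer);
        assertEq(list.balanceOf(friend), 0);
    }

    // Fixed: the recipient named in the call receives the token.
    function test_mintToRecipient_usesParameter() public {
        MintToRecipientList list = new MintToRecipientList();
        vm.prank(buyer);
        list.buyPresent(friend);
        assertEq(list.ownerOf(0), friend);
        assertEq(list.balanceOf(buyer), 0);
    }
}
```

Run with `forge test --match-contract MintRecipientTest` in a Foundry project that has `forge-std` and OpenZeppelin contracts installed. Both addresses come from `makeAddr`, so they hold no code and `_safeMint` does not need an `onERC721Received` implementation.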
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 3 hours ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
