Santa's List

AI First Flight #3
Beginner Friendly, Foundry
Submission Details
Impact: medium
Likelihood: high
Invalid

H-02: checkList() Allows NICE/EXTRA_NICE Status on First Check

Description

  • The README states that "In order for someone to be considered NICE or EXTRA_NICE they must be first 'checked twice' by Santa."

  • The checkList() function accepts Status.NICE or Status.EXTRA_NICE as valid parameters, allowing these statuses to be set on the first check.

// src/SantasList.sol:123
function checkList(address person, Status status) external onlySanta { // @> Accepts NICE/EXTRA_NICE
    s_theListCheckedOnce[person] = status;
    emit CheckedOnce(person, status);
}

Risk

Likelihood:

  • Santa (or any attacker if H-01 is not fixed) can set NICE/EXTRA_NICE status on first check

Impact:

  • Users can be marked as NICE or EXTRA_NICE without the required "checked twice" verification

  • Bypasses the double-check security mechanism

  • Users may collect presents after only one check

Proof of Concept

function testCanSetNiceOnFirstCheck() public {
    vm.prank(santa);
    // Santa can set NICE on first check, violating the "checked twice" requirement
    santasList.checkList(user, SantasList.Status.NICE);
    // User is marked NICE after only one check
    assertEq(uint256(santasList.getNaughtyOrNiceOnce(user)), uint256(SantasList.Status.NICE));
}

Recommended Mitigation

function checkList(address person, Status status) external onlySanta {
+ // Only allow NAUGHTY or NOT_CHECKED_TWICE on first check
+ if (status == Status.NICE || status == Status.EXTRA_NICE) {
+ revert SantasList__InvalidFirstCheckStatus();
+ }
s_theListCheckedOnce[person] = status;
emit CheckedOnce(person, status);
}
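
Review bot: the added revert SantasList__InvalidFirstCheckStatus(); uses a custom error that this hunk does not declare, so unless it already exists elsewhere in the contract the patch also needs an error SantasList__InvalidFirstCheckStatus(); declaration. The guard is written as a deny-list on Status.NICE and Status.EXTRA_NICE, while the comment above it describes an allow-list (NAUGHTY or NOT_CHECKED_TWICE); expressing the condition as that allow-list would keep the code and the comment in agreement if the enum ever gains another member. The patch should also come with a test that calls checkList with each rejected status and expects the revert.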

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 1 day ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
