code-423n4 / 2023-01-rabbithole-findings


Upgraded Q -> 3 from #71 [1676966386580] #706

Closed c4-judge closed 1 year ago

c4-judge commented 1 year ago

Judge has assessed an item in Issue #71 as 3 risk. The relevant finding follows:

[L-04] onlyMinter() modifier is not working as expected

Description

onlyMinter() can be bypassed by anyone due to an invalid check:

modifier onlyMinter() {
    msg.sender == minterAddress;
    _;
}

Thus, everyone can mint tokens:

function mint(address to_, string memory questId_) public onlyMinter {
    _tokenIds.increment();
    uint newTokenID = _tokenIds.current();
    questIdForTokenId[newTokenID] = questId_;
    timestampForTokenId[newTokenID] = block.timestamp;
    _safeMint(to_, newTokenID);
}

Lines of code

RabbitHoleReceipt.sol#L58
RabbitHoleTickets.sol#L47

Recommended Mitigation Steps

Replace the affected modifier by this one:

modifier onlyMinter() {
    require(msg.sender == minterAddress, "Only minter can mint tokens");
    _;
}
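
A review-time check for the pattern reported above, as an added example that is not part of the original finding or the RabbitHole code base: it flags any Solidity modifier containing a comparison whose result is discarded instead of being passed to `require`, `assert` or `if`. It is a regex heuristic rather than a Solidity parser, and the function names (`find_discarded_checks`, `modifier_bodies`, `strip_comments`) are hypothetical.

```python
import re

# Header of a modifier definition, up to its opening brace.
MODIFIER_RE = re.compile(r"\bmodifier\s+(\w+)\s*(?:\([^)]*\))?\s*\{")
# Statements that act on a condition rather than discarding it.
GUARD_RE = re.compile(r"^(require|assert|if|revert|return)\b")
# A statement consisting only of `lhs <op> rhs`, with no assignment.
COMPARISON_RE = re.compile(r"^[\w.\[\]()\s]+(==|!=|<=|>=|<|>)[\w.\[\]()\s]+$")

def strip_comments(src):
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def modifier_bodies(src):
    """Yield (name, body) per modifier, matching braces to find the end."""
    for m in MODIFIER_RE.finditer(src):
        depth, i = 1, m.end()
        while i < len(src) and depth:
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        yield m.group(1), src[m.end():i - 1]

def find_discarded_checks(src):
    """Return [(modifier, statement)] for comparisons whose result is unused."""
    findings = []
    for name, body in modifier_bodies(strip_comments(src)):
        for stmt in body.split(";"):
            stmt = " ".join(stmt.split())  # normalise whitespace
            if stmt and not GUARD_RE.match(stmt) and COMPARISON_RE.match(stmt):
                findings.append((name, stmt))
    return findings

# Constructed inputs: the two modifiers quoted in the finding.
BROKEN = """
modifier onlyMinter() {
    msg.sender == minterAddress;
    _;
}
"""
FIXED = """
modifier onlyMinter() {
    require(msg.sender == minterAddress, "Only minter can mint tokens");
    _;
}
"""

if __name__ == "__main__":
    print(find_discarded_checks(BROKEN))
    print(find_discarded_checks(FIXED))
```

Run over a contracts directory in CI, a non-empty result is a reason to block the merge until the comparison is wrapped in `require` or an `if`/`revert`.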

c4-judge commented 1 year ago

kirk-baird marked the issue as duplicate of #608

c4-judge commented 1 year ago

kirk-baird marked the issue as satisfactory