Closed c4-judge closed 1 year ago
Judge has assessed an item in Issue #71 as 3 risk. The relevant finding follows:
[L-04] onlyMinter() modifier is not working as expected Description onlyMinter() can be bypasssed by anyone due to an invalid check:
modifier onlyMinter() { msg.sender == minterAddress; _; }
Thus, everyone can mint tokens:
function mint(address to_, string memory questId_) public onlyMinter { _tokenIds.increment(); uint newTokenID = _tokenIds.current(); questIdForTokenId[newTokenID] = questId_; timestampForTokenId[newTokenID] = block.timestamp; _safeMint(to_, newTokenID); }
Lines of code RabbitHoleReceipt.sol#L58 RabbitHoleTickets.sol#L47 Recommended Mitigation Steps Replace the affected modifier by this one:
modifier onlyMinter() { require(msg.sender == minterAddress, "Only minter can mint tokens"); _; }
kirk-baird marked the issue as duplicate of #608
kirk-baird marked the issue as satisfactory
Judge has assessed an item in Issue #71 as 3 risk. The relevant finding follows:
[L-04] onlyMinter() modifier is not working as expected Description onlyMinter() can be bypasssed by anyone due to an invalid check:
Thus, everyone can mint tokens:
Lines of code RabbitHoleReceipt.sol#L58 RabbitHoleTickets.sol#L47 Recommended Mitigation Steps Replace the affected modifier by this one: