c4-pre-sort
commented
4 months ago raymondfam marked the issue as insufficient quality report
Open c4-bot-7 opened 4 months ago
c4-pre-sort
commented
4 months ago raymondfam marked the issue as insufficient quality report
c4-pre-sort
commented
4 months ago raymondfam marked the issue as primary issue
raymondfam
commented
4 months ago Informational low QA.
HickupHH3
commented
3 months ago QA(R)
c4-judge
commented
3 months ago HickupHH3 changed the severity to QA (Quality Assurance)
Lines of code
https://github.com/code-423n4/2024-02-ai-arena/blob/cd1a0e6d1b40168657d1aaee8223dc050e15f8cc/src/GameItems.sol#L126-L134
Vulnerability details
Impact
Not being able to adjust key parameters of the
GameItemsreduces the flexibility of the developer team and can lead to problems down the road that can not be fixed by creating a new item.Proof of Concept
In the contract
gameItemsthe owner of the contract can create new items that can be used within the game. Those items have the following attributes:name=> name of the ItemfiniteSupply=> if the number of items that can be minted is limited or nottransferable=> if this item can be transferred to another useritemsRemaining=> remaining items if the supply is finiteitemPrice=> price to pay for minting this itemdailyAllowance=> amount of items a user can mint per dayOnce the item is created only the parameter
transferablecan be changed by callingadjustTransferability. All other attributes can not be changed because there is now function implemented for this.The missing possibility to change the other attributes reduces the flexibility of the developers and can lead to problems down the road. For example, if the token price for the NRN token increases significantly, lets say to 1 USD, the current price for a battery of 10 NRN might not be realistic any more but it could never be changed. One could just create a new item with a lower price but since the item ID for batteries is hard coded in e.g. the
voltageManagercontract this would require redeploying a new version of this contract with all the complications connected with this.Recommended Mitigation Steps
Consider implementing functions to adjust the other game item parameters.
Assessed type
Other