search

code-423n4 / 2024-04-ai-arena-mitigation-findings

0 stars 0 forks source link

H-07 MitigationConfirmed #26

Open c4-bot-7 opened 5 months ago

c4-bot-7 commented 5 months ago

Lines of code

Vulnerability details

Lines of code

Vulnerability details

C4 issue

H-07: Fighters cannot be minted after the initial generation due to uninitialized numElements mapping

Comments

The previous implementation didn't have a method to set numElements for new generations. This made it impossible to create fighters for generations > 0, since only generation 0 had hardcoded numElements during construction.

Mitigation

PR #7 A function setNumElements has been added, which allows the contract owner to set or update the number of elements of a given generation:

/// @notice Updates the number of elements for a given generation.
/// @dev Only the owner address is authorized to call this function.
/// @param newNumElements number of elements for the generation.
/// @param generation_ generation to be updated.
function setNumElements(uint8 newNumElements, uint8 generation_) external {
    require(msg.sender == _ownerAddress);
    numElements[generation_] = newNumElements;
}

Suggestion

The function allows updating an existing numElements[generation] value to a smaller value. If this is a possibility, beware that previously created fighters could have an element value greater than the one stored in numElements[generation]. This has no consequence in the smart contract itself, but could affect the game.

Conclusion

LGTM

c4-judge commented 5 months ago

jhsagd76 marked the issue as satisfactory