c4-judge
commented
5 months ago jhsagd76 marked the issue as satisfactory
Open c4-bot-2 opened 5 months ago
c4-judge
commented
5 months ago jhsagd76 marked the issue as satisfactory
Lines of code
Vulnerability details
Mitigation of H-04: Mitigated
Mitigated issue
H-04: Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType
The issue was that
FighterFarm.reRoll()allows anyfighterTypeinput.Mitigation review
A check has been added which requires
fighterTypeto correspond to the type indicated byfighters[tokenId].dendroidBool. This fixes the issue. But since this means that there is precisely only one valid input value offighterTypeit seems a better solution would be to simply read this value fromfighters[tokenId].dendroidBool, i.e.fighterType = fighters[tokenId].dendroidBool ? 1 : 0;, and removefighterTypeas an input.