The issue was that FighterFarm.reRoll() allows any fighterType input.
Mitigation review
A check has been added which requires fighterType to correspond to the type indicated by fighters[tokenId].dendroidBool. This fixes the issue.
But since this means there is exactly one valid input value of fighterType, a better solution would be to simply read this value from fighters[tokenId].dendroidBool, i.e. fighterType = fighters[tokenId].dendroidBool ? 1 : 0;, and remove fighterType as an input.
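The two variants discussed above, side by side, as an added sketch that is not the project's FighterFarm code. The contract name, mint helper, ownership mapping, event, sample limits and exact require form are assumptions; only reRoll's fighterType input, fighters[tokenId].dendroidBool, and maxRerollsAllowed come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Simplified model for illustration only (hypothetical names; payment and
/// attribute generation omitted). Not the audited contract.
contract ReRollSketch {
    struct Fighter {
        bool dendroidBool; // true maps to fighterType 1, false to fighterType 0
    }

    mapping(uint256 => Fighter) public fighters;
    mapping(uint256 => address) public ownerOf;   // assumed ownership record
    mapping(uint256 => uint8) public numRerolls;
    uint8[2] public maxRerollsAllowed = [3, 3];   // constructed sample limits, indexed by type
    uint256 private nextId;

    event ReRolled(uint256 indexed tokenId, uint8 fighterType, uint8 rerollsUsed);

    // Hypothetical helper so the sketch can be exercised on its own.
    function mint(bool dendroid) external returns (uint256 tokenId) {
        tokenId = nextId++;
        fighters[tokenId] = Fighter(dendroid);
        ownerOf[tokenId] = msg.sender;
    }

    // Mitigation as described: the caller still supplies fighterType, but any
    // value other than the stored type reverts (assumed form of the check).
    function reRollChecked(uint256 tokenId, uint8 fighterType) external {
        require(msg.sender == ownerOf[tokenId], "not owner");
        require(fighterType == (fighters[tokenId].dendroidBool ? 1 : 0), "type mismatch");
        _reRoll(tokenId, fighterType);
    }

    // Suggested simplification: no fighterType parameter, so there is no
    // caller-controlled value left to validate.
    function reRollDerived(uint256 tokenId) external {
        require(msg.sender == ownerOf[tokenId], "not owner");
        uint8 fighterType = fighters[tokenId].dendroidBool ? 1 : 0;
        _reRoll(tokenId, fighterType);
    }

    // The per-type reroll limit is always looked up with a trusted type.
    function _reRoll(uint256 tokenId, uint8 fighterType) private {
        require(numRerolls[tokenId] < maxRerollsAllowed[fighterType], "no rerolls left");
        numRerolls[tokenId] += 1;
        emit ReRolled(tokenId, fighterType, numRerolls[tokenId]);
    }
}
```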
Lines of code
Vulnerability details
Mitigation of H-04: Mitigated
Mitigated issue
H-04: Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType