Open howlbot-integration[bot] opened 1 month ago
The Warden and its duplicates have identified a significant issue with the code which will continue to attribute rewards for a plot with an ID of 0
regardless of whether the landlord has staked any tokens.
A high-risk severity is appropriate for this vulnerability as it effectively permits rewards to be minted without any staked funds on the landlord's end. Submissions that detailed the problem with the equality case but failed to identify the 0
edge case (i.e. failed to argue a high-severity rating) will be awarded 75% of their intended reward.
alex-ppg marked the issue as selected for report
alex-ppg marked the issue as satisfactory
Lines of code
https://github.com/code-423n4/2024-07-munchables/blob/main/src/managers/LandManager.sol#L258
Vulnerability details
Impact
This vulnerability allows for repeated farming and reward collection from a plot even after the landlord has unlocked funds, leading to an imbalance in the game economy and unfair advantage to certain players.
Proof of Concept
The
_farmPlots
function has a vulnerability where a plot with aplotId
0 can continue to be farmed and receive rewards even after the landlord has unlocked all funds.the code snippet:
The _getNumPlots function should return zero when all funds are unlocked, invalidating the plot and setting the dirty flag.
However, the current implementation fails to do so, it only determines if
NumPlots
is less than theplotId
and allows plot 0 to remain farmable.the poc file:
run the poc file and get the output:
Tools Used
Manual
Recommended Mitigation Steps
Add the check for
plotId
is equal tonumPolts
.Assessed type
Invalid Validation