Wrong way of construction of modifiers leads mint() function become public #294
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate-608
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/RabbitHoleReceipt.sol#L58
Vulnerability details
Impact
The wrong way of constructions of modifiers without require and revert . If anyone try to call mint() and mintBatch() will not revert instead it leads to mint() function become public anyone can mint in both RabbitHoleTickets.sol#L47 and RabbitHoleReceipt.sol#L58 .
Proof of Concept
https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/RabbitHoleTickets.sol#L47
https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/RabbitHoleReceipt.sol#L58
Tools Used
Manual
Recommended Mitigation Steps
modifier onlyMinter() {
require( msg.sender == minterAddress);
_;
}
The text was updated successfully, but these errors were encountered: