code-423n4/2024-02-ai-arena-findings

Incrementing a fighter type generation will brick the element attribute selection forever because of a missing function to update `numElements`

c4-bot-9 opened this issue · 4 comments

Lines of code

https://github.com/code-423n4/2024-02-ai-arena/blob/main/src/FighterFarm.sol#L470

Vulnerability details

Impact

After incrementing the generation for a fighter type, all upcoming mints will only have the element corresponding to index 0.

Assessed as Medium since it breaks a core mechanic, which can't be fixed or mitigated, since the contract will be bricked.

Vulnerability Details

When minting a new fighter, its corresponding element is calculated as:

uint256 element = dna % numElements[generation[fighterType]];

FighterFarm.sol#L470

The game will work fine for any `fighterType` on initialization, as `numElements[0] = 3;` is defined in the constructor.

The problem will arise when the generation is incremented with `generation[fighterType] += 1;`, which is an expected action at some point in time.

After that, `numElements[generation[fighterType]] == numElements[1] == 0`, as it is its default value. This will translate the element calculation to:

uint256 element = dna % 0; // @audit-info It will always be 0

The problem is that there isn't any function to update numElements.

So, the element for newly minted fighters will always be zero, breaking a core mechanic used to calculate strengths and weaknesses depending on pairing.

Recommended Mitigation Steps

Create a function to set the numElements for a specific generation.

Assessed type

DoS
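
A reduced sketch of the recommended mitigation, added here as an illustration; it is not code from the AI Arena repository or from the report's author. Only `numElements`, `generation` and the modulo expression come from the report. The compiler version, the variable types, the owner check and the functions `setNumElements`, `incrementGeneration` and `elementFor` are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13; // assumed compiler version, not stated on the page

/// Added illustration: reduced model of the element selection in the report.
/// Function names, types and the owner check are hypothetical.
contract ElementSelectionSketch {
    address public immutable owner;

    // generation => number of selectable elements; unset keys read as 0
    mapping(uint8 => uint8) public numElements;
    // current generation per fighter type (index = fighterType); size assumed
    uint8[2] public generation;

    constructor() {
        owner = msg.sender;
        numElements[0] = 3; // only generation 0 is initialised, as in the report
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    /// Mitigation: configure the element count for a specific generation.
    function setNumElements(uint8 gen, uint8 count) external onlyOwner {
        require(count > 0, "count must be non-zero");
        numElements[gen] = count;
    }

    /// Guarded increment: refuse to enter a generation with no element count.
    function incrementGeneration(uint8 fighterType) external onlyOwner returns (uint8) {
        require(fighterType < generation.length, "unknown fighter type");
        uint8 next = generation[fighterType] + 1;
        require(numElements[next] > 0, "numElements not set for next generation");
        generation[fighterType] = next;
        return next;
    }

    /// Same expression as FighterFarm.sol#L470, with the divisor checked first.
    /// Under Solidity 0.8.x an unchecked zero divisor in `%` reverts with
    /// Panic(0x12), so the explicit require gives a readable error instead.
    function elementFor(uint256 dna, uint8 fighterType) external view returns (uint256) {
        require(fighterType < generation.length, "unknown fighter type");
        uint8 count = numElements[generation[fighterType]];
        require(count > 0, "numElements is zero for this generation");
        return dna % count;
    }
}
```

Calling `setNumElements(1, n)` before `incrementGeneration` keeps every generation's divisor non-zero; the guard in `incrementGeneration` enforces that ordering on-chain rather than relying on operator discipline.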

raymondfam marked the issue as sufficient quality report

raymondfam marked the issue as duplicate of #45

HickupHH3 changed the severity to 3 (High Risk)

HickupHH3 marked the issue as partial-50