The collectPresent function in SantasList.sol contains an insecure check for Christmas 2023. It allows users to call the function even after Christmas.
The current implementation uses block.timestamp to check whether it is Christmas 2023 yet. However, under this condition a user can still call the function even a year later than Christmas 2023, which isn't the intended functionality.
The insecure date check in the collectPresent function could lead to undesired behavior, allowing users to collect presents even after Christmas 2023 has passed.
No specific tools were used to identify this issue. Manual code review and analysis were sufficient to identify the insecure date check.
Consider adding a time window for present collection rather than relying on a single timestamp check.
check on block.timestamp only requires that Christmas has arrived. The protocol explicitly states that after Christmas has passed (give or take 24 hours) collecting shouldn't be possible.
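The recommended time window, shown next to a lower-bound-only check, as an added example that is not code from SantasList.sol. The contract name, error names, the CHRISTMAS_2023 constant (2023-12-25 00:00:00 UTC) and the symmetric 24-hour tolerance are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: every name and constant here is hypothetical,
// not taken from the audited contract.
contract PresentWindowExample {
    error NotChristmasYet();
    error ChristmasIsOver();
    error AlreadyCollected();

    // 2023-12-25 00:00:00 UTC (assumed reference point).
    uint256 public constant CHRISTMAS_2023 = 1_703_462_400;
    // "Give or take 24 hours", read here as a tolerance on both sides (assumption).
    uint256 public constant TOLERANCE = 24 hours;

    mapping(address => bool) public collected;

    // Lower bound only: the pattern the finding describes.
    // Once the timestamp is reached, the check passes forever.
    modifier lowerBoundOnly() {
        if (block.timestamp < CHRISTMAS_2023) revert NotChristmasYet();
        _;
    }

    // Bounded window: rejects calls both before and after the event.
    // A 24-hour tolerance is far wider than any drift a block proposer
    // can introduce into block.timestamp, so the bound is reliable.
    modifier withinChristmasWindow() {
        if (block.timestamp < CHRISTMAS_2023 - TOLERANCE) revert NotChristmasYet();
        if (block.timestamp > CHRISTMAS_2023 + TOLERANCE) revert ChristmasIsOver();
        _;
    }

    // Still callable a year later.
    function collectPresentUnbounded() external lowerBoundOnly {
        _markCollected(msg.sender);
    }

    // Callable only inside the window.
    function collectPresentWindowed() external withinChristmasWindow {
        _markCollected(msg.sender);
    }

    function _markCollected(address user) internal {
        if (collected[user]) revert AlreadyCollected();
        collected[user] = true;
    }
}
```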