First Flight #13: Baba Marta
First Flight #13
Beginner FriendlyFoundryGameFi
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

`MartenitsaEvent::stopEvent` doesn't reset the `participants` array and `_participants` mapping leading to previous participants not able to participate in next event.

shikhar229169

Summary

MartenitsaEvent::stopEvent allows the owner to stop the martenitsa event and remove their producer role, but it doesn't reset the participants array and _participants mapping as a result of which previous participants are not able to participate in new events.

Vulnerability Details

The vulnerability is present in the MartenitsaEvent::stopEvent function where it fails to reset the participants array and _participants mapping.

When a new event is started by the owner, the participants of previous events will not be able to participate as the _participants mapping still hold true for them and joinEvent will revert.

function stopEvent() external onlyOwner {
require(block.timestamp >= eventEndTime, "Event is not ended");
for (uint256 i = 0; i < participants.length; i++) {
isProducer[participants[i]] = false;
}
}

Impact

Previous events participants can't participant in new events.

Tools Used

Manual Review

Recommendations

function stopEvent() external onlyOwner {
require(block.timestamp >= eventEndTime, "Event is not ended");
for (uint256 i = 0; i < participants.length; i++) {
isProducer[participants[i]] = false;
+ _participants[participants[i]] = false;
}
+ participants = new address[](0);
}
Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

_participants is not updated

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.