`MartenitsaEvent::_participants` mapping is not cleared in `MartenitsaEvent::stopEvent` function which means user can only join one event and not next events in future.
Summary
When user joins event, he will not be able to join next event in future.
Vulnerability Details
There will be multiple events and user will be only able to join one event. There is no documentation or natspec which explains this behavior, from security standpoint it should be assumed that it is vulnerability.
Impact
User can join only one event, it will not be able to joint other events in future.
Proof of Concept
This is existing test from MartenitsaEvent.t.sol. From looking this test it seems that this is desired and not vulnerability, but developer could make mistake to expect that second time joining event will revert but it shouldn't revert.
Tools Used
Manual review
Recommendations
If behavior that user can enter event only once is desired behavior, document it properly.
If it is not desired behavior, think of way to achieve that participants are cleared when stopping event, this is just broad suggestion because if not done correctly it may introduce new vulnerability.
Lead Judging Commences
_participants is not updated
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.