First Flight #13: Baba Marta

First Flight #13

Beginner FriendlyFoundryGameFi

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

previous _participants cannot participate event again

jennifersun

Summary

If the owner wants to start the event again, previous participants will not be allowed to enter again.

Vulnerability Details

In MartenitsaEvent, owner starts an event. Users will join the event to become an temporary producer. In order to avoid repeatedly participating the event, _participants is set to check whether msg.sender has participant the event. When we stop the event, _participants is not deleted. It means when the owner wants to start another event, previous participants cannot participate again.

function joinEvent() external {

require(block.timestamp < eventEndTime, "Event has ended");

require(!_participants[msg.sender], "You have already joined the event");

require(!isProducer[msg.sender], "Producers are not allowed to participate");

require(_healthToken.balanceOf(msg.sender) >= healthTokenRequirement, "Insufficient HealthToken balance");

_participants[msg.sender] = true;

participants.push(msg.sender);

emit ParticipantJoined(msg.sender);

(bool success) = _healthToken.transferFrom(msg.sender, address(this), healthTokenRequirement);

require(success, "The transfer is not successful");

_addProducer(msg.sender);

}

function stopEvent() external onlyOwner {

require(block.timestamp >= eventEndTime, "Event is not ended");

//@audit [H] too many join this event, might out of gas when stop event

//@audit [L] need remove from producers

for (uint256 i = 0; i < participants.length; i++) {

isProducer[participants[i]] = false;

}

Poc

function testSecondJoinEvent() public activeEvent eligibleForReward {

vm.startPrank(bob);

marketplace.collectReward();

healthToken.approve(address(martenitsaEvent), 10 ** 18);

martenitsaEvent.joinEvent();

vm.stopPrank();

vm.warp(2 days);

console.log("before stop event");

martenitsaEvent.stopEvent();

console.log("Test");

martenitsaEvent.startEvent(1 days);

vm.startPrank(bob);

healthToken.approve(address(martenitsaEvent), 10 ** 18);

martenitsaEvent.joinEvent();

}

The test case will be reverted because bob has already participant one event.

Impact

Previous participants cannot join another event.

Tools Used

Manual & Foundry

Recommendations

diff --git a/src/MartenitsaEvent.sol b/src/MartenitsaEvent.sol

index c9c0cdb..b0d567c 100644

--- a/src/MartenitsaEvent.sol

+++ b/src/MartenitsaEvent.sol

@@ -14,7 +14,7 @@ contract MartenitsaEvent is MartenitsaToken {

uint256 public healthTokenRequirement = 10 ** 18;

address[] public participants;

- mapping(address => bool) private _participants;

+ mapping(uint256 => mapping(address => bool)) private _participants;

event EventStarted(uint256 indexed startTime, uint256 indexed eventEndTime);

event ParticipantJoined(address indexed participant);

@@ -39,13 +39,15 @@ contract MartenitsaEvent is MartenitsaToken {

* @notice The event should be active and the caller should not be joined already.

* @notice Producers are not allowed to participate.

function joinEvent() external {

require(block.timestamp < eventEndTime, "Event has ended");

- require(!_participants[msg.sender], "You have already joined the event");

+ require(!_participants[eventStartTime][msg.sender], "You have already joined the event");

require(!isProducer[msg.sender], "Producers are not allowed to participate");

require(_healthToken.balanceOf(msg.sender) >= healthTokenRequirement, "Insufficient HealthToken balance");

- _participants[msg.sender] = true;

+ _participants[eventStartTime][msg.sender] = true;

participants.push(msg.sender);

emit ParticipantJoined(msg.sender);

@@ -59,6 +61,8 @@ contract MartenitsaEvent is MartenitsaToken {

function stopEvent() external onlyOwner {

require(block.timestamp >= eventEndTime, "Event is not ended");

for (uint256 i = 0; i < participants.length; i++) {

isProducer[participants[i]] = false;

}

@@ -68,7 +72,7 @@ contract MartenitsaEvent is MartenitsaToken {

* @notice Function to get information if a given address is a participant in the event.

function getParticipant(address participant) external view returns (bool) {

- return _participants[participant];

+ return _participants[eventStartTime][participant];

}

/**

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

_participants is not updated

Rewards breakdown

nSLOC

239

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.