First Flight #13: Baba Marta
First Flight #13
Beginner FriendlyFoundryGameFi
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

`MartenitsaEvent` contract is not resetting the state variable after each event

0xE79e

Summary

MartenitsaEvent contract is not properly resetting the state variables after each event cycle. This leads to issues where participants from previous events are unable to participate in subsequent events, as their participation status persists.

Vulnerability Details

The main vulnerability lies in the lack of resetting state variables after each event cycle:

  1. The MartenitsaEvent::startEvent function is called and the event begin.

  2. Users are joining the event.

  3. The event period ends and the event is stopped.

  4. The MartenitsaEvent::startEvent function is called again for a new event.

  5. Participants who took part in previous events are unable to join due to the lack of resetting the _participants state.

Impact

  • Participants from previous events are unfairly restricted from participating in subsequent events, leading to a loss of opportunity for engagement.

  • Overall, the integrity and functionality of the event management system are compromised, affecting user experience and trust in the contract.

Tools Used

Manual Review

Recommendations

Reset the state variable after the event ends:

function stopEvent() external onlyOwner {
require(block.timestamp >= eventEndTime, "Event is not ended");
for (uint256 i = 0; i < participants.length; i++) {
isProducer[participants[i]] = false;
+ _participants[participants[i]] = false;
}
}
Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

_participants is not updated

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.