The function `Dussehra::enterPeopleWhoLikeRam` doesn't have an expiry date, enabling participants to enter the event even after its conclusion.
Summary
The function Dussehra::enterPeopleWhoLikeRam doesn't have an expiry date, enabling participants to enter the event even after its conclusion.
Vulnerability Details
The vulnerability arises from the absence of time-based restrictions in the enterPeopleWhoLikeRam function of the Dussehra contract. This oversight allows users to continue joining the "Be Like Ram" event regardless of whether the participation period has ended. The lack of expiry date validation means that the contract does not enforce constraints on when participants can enter the event, potentially leading to possible loss of funds.
Impact
This vulnerability undermines the fairness and integrity of the event, potentially leading to a loss of trust among participants.
Tools Used
Manual code review
Recommendations
mplement Time-Based Restrictions: Introduce checks within the enterPeopleWhoLikeRam function to verify that participants can only enter the event during the designated period. By enforcing time-based restrictions, the contract can ensure that participation is limited to the intended duration, maintaining
Lead Judging Commences
Invalid - enter people after event or after Ram is selected
It is the user's responsibility to check the date of the event.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.