Submission Details
Severity: high
Valid

Failure to Update isRamSelected Boolean in increaseValuesOfParticipants Function Allows Rams to be Selected by the Organizer

Summary

The ChoosingRam contract fails to update the isRamSelected boolean variable within the increaseValuesOfParticipants function. This oversight allows the organizer to repeatedly invoke the selectRamIfNotSelected function, potentially resulting in the replacement of Ram by the Organizer, which violates the intended contract logic.

Vulnerability Details

In the increaseValuesOfParticipants function of the ChoosingRam contract, the boolean variable isRamSelected is not being set to true when a Ram is selected. Consequently, the RamIsNotSelected modifier continues to permit further selections. This creates a scenario where the organizer can call the selectRamIfNotSelected function again, replacing the previously selected Ram.
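A simplified model of the flaw described above, as an added example that is not the ChoosingRam source. The contract layout, the `selectedRam` and `organiser` variables, the `completesRam` argument and the `Fixed` variant are assumptions; only isRamSelected, RamIsNotSelected, increaseValuesOfParticipants and selectRamIfNotSelected are names taken from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model (assumption): NFT and randomness logic is replaced by plain
// arguments so that only the handling of the guard flag remains.
contract ChoosingRamModel {
    address public immutable organiser; // assumed name
    address public selectedRam;         // assumed name for the stored winner
    bool public isRamSelected;

    modifier RamIsNotSelected() {
        require(!isRamSelected, "Ram is selected!");
        _;
    }

    modifier OnlyOrganiser() {
        require(msg.sender == organiser, "Only organiser");
        _;
    }

    constructor() {
        organiser = msg.sender;
    }

    // Vulnerable shape: the winner is stored but the flag stays false,
    // so every function behind RamIsNotSelected remains callable.
    function increaseValuesOfParticipants(address challenger, bool completesRam)
        external
        RamIsNotSelected
    {
        if (completesRam) {
            selectedRam = challenger;
        }
    }

    // Hardened shape: the flag is written on the same path as the winner.
    function increaseValuesOfParticipantsFixed(address challenger, bool completesRam)
        external
        RamIsNotSelected
    {
        if (completesRam) {
            selectedRam = challenger;
            isRamSelected = true;
        }
    }

    // Organiser fallback, intended only for the case where no participant became Ram.
    function selectRamIfNotSelected(address fallbackRam) external RamIsNotSelected OnlyOrganiser {
        selectedRam = fallbackRam;
        isRamSelected = true;
    }
}
```

After the vulnerable function stores a winner, selectRamIfNotSelected still passes the modifier and overwrites selectedRam; after the fixed variant, the same call reverts in RamIsNotSelected.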

Impact

Because the isRamSelected boolean is never updated, the previously selected Ram can be replaced, leading to inconsistencies in the contract's state.

Tools Used

Manual code review

Recommendations

Update the isRamSelected Variable: Modify the increaseValuesOfParticipants function to set isRamSelected to true once a Ram has been selected.

+ isRamSelected = true;
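Review bot: the added line carries no context lines, so it is not clear where in increaseValuesOfParticipants it lands. Place `isRamSelected = true;` on every branch that records the selected Ram, directly beside that assignment, and not at the top level of the function, where it would close the RamIsNotSelected guard after the first call even when no Ram was chosen.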

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

`isRamSelected` is not set
