First Flight #17: Dussehra

First Flight #17

Beginner FriendlyFoundryNFT

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

`Dussehra::WantToBeLikeRam` array not deleted after organizer gets share. Organizer can get all the funds.

modey

Summary

The organiser can get his share plus what is supposed to be awarded to Ram, because the Dussehra::WantToBeLikeRamarray does not get reset after the organiser gets paid.

Vulnerability Details

The Dussehra::killRavana function uses the product of length of Dussehra::WantToBeLikeRam array and Dussehra::entranceFee as part of the values used to compute how much the organiser receives(half of that product, with the other half to be awarded to Ram). If the array is not reset to zero after the first payment to organiser, The function can be called again before ram withdraws and organiser gets paid the other half, thereby reducing ram rewards to zero and leaving ram with nothing!

Please find below; a demonstration of this concept. The test operates with two participants who enter with 1 ether each.
Paste the following into the test suite

function test_organiserCanGetAllFunds() public participants {

vm.warp(1728691200 + 1);

vm.startPrank(organiser);

choosingRam.selectRamIfNotSelected();

vm.stopPrank();

vm.startPrank(organiser);

//The function is called once and 1 ether is sent to organiser as per design,and dussehra contract remains with 1 ether.

dussehra.killRavana();

assertEq(address(dussehra).balance, 1 ether);

assertEq(address(organiser).balance, 1 ether);

//The function is called a second time before Ram can withdraw

dussehra.killRavana();

assertEq(address(dussehra).balance, 0 );

//The organiser has all of the 2 ether

assertEq(address(organiser).balance, 2 ether);

vm.stopPrank();

assertEq(dussehra.IsRavanKilled(), true);

//There is no reward left in dussehra contract balance

}

Then run `forge test --mt test_organiserCanGetAllFunds`

Impact

Ram can end up with no reward!

Tools Used

Manual Review + Foundry

Recommendations

Please consider deleting Dussehra::WantToBeLikeRam as organiser gets paid first time. This resets it.
Below is a demonstration:

function killRavana() public RamIsSelected {

if (block.timestamp < 1728691069) {

revert Dussehra__MahuratIsNotStart();

}

if (block.timestamp > 1728777669) {

revert Dussehra__MahuratIsFinished();

}

IsRavanKilled = true;

uint256 totalAmountByThePeople = WantToBeLikeRam.length * entranceFee;

totalAmountGivenToRam = (totalAmountByThePeople * 50) / 100;

+ delete WantToBeLikeRam;

(bool success, ) = organiser.call{value: totalAmountGivenToRam}("");

require(success, "Failed to send money to organiser");

}

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

isRavanKilled is not checked

Rewards breakdown

nSLOC

218

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.