Submission Details
Severity:
`selectRamIfNotSelected` can be called even after ram is selected
Summary
Once ram is selected, organiser or no one should be able to change ram again. If it can be changed then game becomes unfair and people loses trust in the protocol thereby results in failure of protocol.
Vulnerability Details
place below code in Dussehra.t.sol and run forge test --mt test__RamCanBeChangedAfterSelection
code
function test__RamCanBeChangedAfterSelection() public participants {
vm.warp(1728691198 + 1); // executing the transaction exactly at a particular timestamp to get a predictable outcome of 0 for simplicity
vm.startPrank(player1);
uint256 random = uint256(keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender))) % 2;
vm.stopPrank();
assertEq(random, 0);
assertEq(ramNFT.getCharacteristics(random).ram, player1);
vm.startPrank(player1);
for (uint64 i = 0; i < 5; i++) {
choosingRam.increaseValuesOfParticipants(0, 1); // lets assume player 1 is selected as ram
}
vm.stopPrank();
assertEq(choosingRam.selectedRam(), player1); // selected ram is player 1
assertEq(choosingRam.isRamSelected(), false);
vm.warp(1728691199 + 1);
vm.startPrank(organiser);
choosingRam.selectRamIfNotSelected(); // though player 1 is already selected, organiser can again call this function to change the selected ram to another player
vm.stopPrank();
assertEq(choosingRam.isRamSelected(), true);
assertNotEq(choosingRam.selectedRam(), player1); // now, selected ram is not player 1
}
Impact
ram once selected shouldn't be changed later, to maintain transparency.
Tools Used
Foundry
Recommendations
Make below code change in ChoosingRam::increaseValuesOfParticipants
function increaseValuesOfParticipants(uint256 tokenIdOfChallenger, uint256 tokenIdOfAnyPerticipent)
public
RamIsNotSelected{
...
if(random == 0){
}
else if (ramNFT.getCharacteristics(tokenIdOfChallenger).isSatyavaakyah == false) {
ramNFT.updateCharacteristics(tokenIdOfChallenger, true, true, true, true, true);
selectedRam = ramNFT.getCharacteristics(tokenIdOfChallenger).ram;
+ isRamSelected = true;
}
}
Updates
Lead Judging Commences
bube over 1 year ago
Submission Judgement Published Assigned finding tags:
`isRamSelected` is not set
Rewards breakdown
nSLOC
218This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.