First Flight #17: Dussehra
First Flight #17
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

BNB Smart Chain's native currency is BNB, not ETH - `entranceFee` has to be adjusted at deployment

paprikrumplikas

Summary

The native currency of the BNB Smart Chain is BNB, not ETH as on the other deployment target chains Ethereum, Arbitrum and ZkSync.
This necessitates adjusting the entranceFee during deployment to ensure it aligns with the USD value intended for Ethereum deployments.

Vulnerability Details

The Dussehra contract relies on transfers of the native currency at multiple points:

  • in Dussehra::enterPeopleWhoLikeRam, which has to be called with msg.value = entranceFee,

  • in Dussehra::killRavana when the low-level call .call is used,

  • in Dussehra::withdraw when the low-level call .call is used.

Importantly, the native currency of BNB Smart Chain is BNB, not ETH as on the Ethereum, Arbitrum and ZkSync chains.

Impact

If Dussehra is deployed with the same entranceFee = X on the BNB Smart Chain and on Ethereum, the USD-denominated entrance fee will be wildly different on the 2 chains.

Tools Used

Manual review.

Recommendations

When deploying the protocol on the BNB Smart Chain, adjust the entranceFee so that the USD-denominated entrance fee will be similar to the USD-denominated entrance fee on Ethereum.

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!