First Flight #17: Dussehra

First Flight #17

Beginner FriendlyFoundryNFT

100 EXP

View results

Previous Next

Submission Details

Severity: low

Invalid

`ChoosingRam::increaseValuesOfParticipants` Calls Can Revert if Called before the `organiser` Calls `RamNFT::setChoosingRamContract`

vile

Summary

Since RamNFT::choosingRamContract cannot be set in the contract constructor (due to a circular dependency), a separate RamNFT::setChoosingRamContract call is required to set choosingRamContract. Therefore, there exists a period where ChoosingRam::increaseValuesOfParticipants calls can revert due to its requirement to update NFT characteristics using RamNFT::updateCharacteristics. During this time, the RamNFT::onlyChoosingRamContract modifier will always revert privileged calls (updateCharacteristics), since choosingRamContract will be the default address type value (the zero address).

Vulnerability Details

increaseValuesOfParticipants executes external calls to the RamNFT contract to both get and update NFT characteristics, however, if choosingRamContract is not set in RamNFT, updateCharacteristics will revert due to the onlyChoosingRamContract modifier.

// @audit if `setChoosingRamContract` is not called, `choosingRamContract` is defaulted to the zero address

modifier onlyChoosingRamContract() {

if (msg.sender != choosingRamContract) {

revert RamNFT__NotChoosingRamContract();

}

// ...

function setChoosingRamContract(address _choosingRamContract) public onlyOrganiser {

choosingRamContract = _choosingRamContract;

}

// ...

function updateCharacteristics(

uint256 tokenId,

bool _isJitaKrodhah,

bool _isDhyutimaan,

bool _isVidvaan,

bool _isAatmavan,

bool _isSatyavaakyah

) public onlyChoosingRamContract { // @audit calls will fail (see: `onlyChoosingRamContract` modifier)

Characteristics[tokenId] = CharacteristicsOfRam({

ram: Characteristics[tokenId].ram,

isJitaKrodhah: _isJitaKrodhah,

isDhyutimaan: _isDhyutimaan,

isVidvaan: _isVidvaan,

isAatmavan: _isAatmavan,

isSatyavaakyah: _isSatyavaakyah

});

}

Impact

increaseValuesOfParticipants can fail for a period of time , which is confusing for users and unintended behavior.

Tools Used

Manual Review

Recommendations

Ensure setChoosingRamContract is called immediately after deployment.

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

218

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.