`isRamSelected` not updated to `true` even when Ram is selected via `increaseValuesOfParticipants` which makes is mandatory for organizer to choose Ram
Summary
When all the characteristics of NFT of a person becomes true upon calling increaseValuesOfParticipants, then that person is selected as Ram but it fails to update the isRamSelected to true, as a result of which the Ram that was selected cannot actually act as Ram.
As a result of which even a person is eligible as Ram cannot behave as Ram and the event can only proceed when organizer selects Ram.
Vulnerability Details
The vulnerability is present in the ChoosingRam::increaseValuesOfParticipants function where it doesn't update the isRamSelected variable to true even when a person satisfies all the conditions to become Ram, but it just updates the selectedRam variable.
As a result of this the protocol cannot select their Ram via increaseValuesOfParticipants function even when a person satisfied the characteristics of Ram.
Even though a person qualified as Ram, they will not actually be Ram as isRamSelected is not updated to true, and the increaseValuesOfParticipants function will be allowed to call multiple times even though Ram was selected.
Impact
Ram cannot be chosen via
ChoosingRam::increaseValuesOfParticipants.Even though a person was eligible as Ram but due to not updating the
isRamSelectedvariable they will not actually be Ram and in order to further proceed with the event the organizer will have to choose Ram viaselectRamIfNotSelectedfunction.
Tools Used
Manual Review
Recommendations
Update isRamSelected to true when a selectedRam is updated in increaseValuesOfParticipants
Lead Judging Commences
`isRamSelected` is not set
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.