Beginner FriendlyFoundryNFT
100 EXP
View results
Submission Details
Severity: high
Valid

`isRamSelected` not updated to `true` even when Ram is selected via `increaseValuesOfParticipants` which makes is mandatory for organizer to choose Ram

Summary

When all the characteristics of NFT of a person becomes true upon calling increaseValuesOfParticipants, then that person is selected as Ram but it fails to update the isRamSelected to true, as a result of which the Ram that was selected cannot actually act as Ram.

As a result of which even a person is eligible as Ram cannot behave as Ram and the event can only proceed when organizer selects Ram.

Vulnerability Details

The vulnerability is present in the ChoosingRam::increaseValuesOfParticipants function where it doesn't update the isRamSelected variable to true even when a person satisfies all the conditions to become Ram, but it just updates the selectedRam variable.

As a result of this the protocol cannot select their Ram via increaseValuesOfParticipants function even when a person satisfied the characteristics of Ram.

Even though a person qualified as Ram, they will not actually be Ram as isRamSelected is not updated to true, and the increaseValuesOfParticipants function will be allowed to call multiple times even though Ram was selected.

Impact

  • Ram cannot be chosen via ChoosingRam::increaseValuesOfParticipants.

  • Even though a person was eligible as Ram but due to not updating the isRamSelected variable they will not actually be Ram and in order to further proceed with the event the organizer will have to choose Ram via selectRamIfNotSelected function.

Tools Used

Manual Review

Recommendations

Update isRamSelected to true when a selectedRam is updated in increaseValuesOfParticipants

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

`isRamSelected` is not set

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.