When all the characteristics of NFT of a person becomes true upon calling increaseValuesOfParticipants
, then that person is selected as Ram but it fails to update the isRamSelected
to true, as a result of which the Ram that was selected cannot actually act as Ram.
As a result of which even a person is eligible as Ram cannot behave as Ram and the event can only proceed when organizer selects Ram.
The vulnerability is present in the ChoosingRam::increaseValuesOfParticipants
function where it doesn't update the isRamSelected
variable to true even when a person satisfies all the conditions to become Ram, but it just updates the selectedRam
variable.
As a result of this the protocol cannot select their Ram via increaseValuesOfParticipants
function even when a person satisfied the characteristics of Ram.
Even though a person qualified as Ram, they will not actually be Ram as isRamSelected
is not updated to true, and the increaseValuesOfParticipants
function will be allowed to call multiple times even though Ram was selected.
Ram cannot be chosen via ChoosingRam::increaseValuesOfParticipants
.
Even though a person was eligible as Ram but due to not updating the isRamSelected
variable they will not actually be Ram and in order to further proceed with the event the organizer will have to choose Ram via selectRamIfNotSelected
function.
Manual Review
Update isRamSelected
to true when a selectedRam
is updated in increaseValuesOfParticipants
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.