Summary

When all the characteristics of NFT of a person becomes true upon calling increaseValuesOfParticipants, then that person is selected as Ram but it fails to update the isRamSelected to true, as a result of which the Ram that was selected cannot actually act as Ram.

As a result of which even a person is eligible as Ram cannot behave as Ram and the event can only proceed when organizer selects Ram.

Vulnerability Details

The vulnerability is present in the ChoosingRam::increaseValuesOfParticipants function where it doesn't update the isRamSelected variable to true even when a person satisfies all the conditions to become Ram, but it just updates the selectedRam variable.

As a result of this the protocol cannot select their Ram via increaseValuesOfParticipants function even when a person satisfied the characteristics of Ram.

Even though a person qualified as Ram, they will not actually be Ram as isRamSelected is not updated to true, and the increaseValuesOfParticipants function will be allowed to call multiple times even though Ram was selected.

Impact

• Ram cannot be chosen via ChoosingRam::increaseValuesOfParticipants.

• Even though a person was eligible as Ram but due to not updating the isRamSelected variable they will not actually be Ram and in order to further proceed with the event the organizer will have to choose Ram via selectRamIfNotSelected function.

Tools Used

Manual Review

Recommendations

Update isRamSelected to true when a selectedRam is updated in increaseValuesOfParticipants