The increaseValuesOfParticipants function allows users to upgrade their characteristics by challenging other participants, but due to an incorrect check on the participant's token, the challenger is allowed to pass a non-existent tokenId, and thus the challenge will not benefit any participant that won when challenged by the challenger.
The vulnerability is present in increaseValuesOfParticipants, where it performs a strict > check instead of a >= check.
ramNFT::tokenCounter returns the tokenId that is to be minted next, so all tokenIds >= ramNFT::tokenCounter are non-existent, but increaseValuesOfParticipants doesn't revert even if tokenIdOfAnyPerticipent equals ramNFT::tokenCounter, which is non-existent.
As a result, a challenger passing non-existent tokenIds will never benefit actual participants, because the properties are updated on a non-existent tokenId; even if another person later mints that particular tokenId, everything will reset.
Along with that, if that non-existent tokenId wins all the characteristics, then Ram will be selected as address(0). A person can therefore create a mess in the Dussehra event by making address(0) Ram, which results in the funds that were to be given to the selected Ram being locked in the Dussehra contract.
Challenger will bring no benefit to other participants by passing non-existent tokenIds.
Challenger can create havoc in the Dussehra event by passing a non-existent tokenId as the participant: when the non-existent tokenId wins all the characteristics, address(0) will be selected as Ram, which will lead to the funds that were to be given to the selected Ram being locked in the Dussehra contract. But the selected Ram being address(0) is insignificant, as it is not actually Ram.
Manual Review
Make the increaseValuesOfParticipants function revert when the tokenId passed is >= ramNFT.tokenCounter().
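The boundary condition and the recommended check, as an added example that is not the audited contracts' code: MiniRamNFT, BoundaryCheck, checkStrict, checkInclusive and InvalidTokenId are hypothetical names, and the model assumes tokenIds are minted sequentially starting from 0.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model written for this example (assumption: sequential ids from 0).
contract MiniRamNFT {
    uint256 public tokenCounter;                 // tokenId that will be minted NEXT
    mapping(uint256 => address) public ownerOf;  // address(0) for any unminted id

    function mint() external returns (uint256 id) {
        id = tokenCounter++;                     // last minted id is tokenCounter - 1
        ownerOf[id] = msg.sender;
    }
}

contract BoundaryCheck {
    error InvalidTokenId(uint256 tokenId);       // hypothetical error name

    MiniRamNFT public immutable ramNFT;

    constructor(MiniRamNFT _ramNFT) {
        ramNFT = _ramNFT;
    }

    // Check as described in the finding: strict '>' accepts tokenId == tokenCounter.
    function checkStrict(uint256 tokenIdOfAnyPerticipent) external view returns (address) {
        if (tokenIdOfAnyPerticipent > ramNFT.tokenCounter()) {
            revert InvalidTokenId(tokenIdOfAnyPerticipent);
        }
        // At the boundary this id is unminted, so the owner is address(0).
        return ramNFT.ownerOf(tokenIdOfAnyPerticipent);
    }

    // Recommended check: '>=' rejects every id that has not been minted yet.
    function checkInclusive(uint256 tokenIdOfAnyPerticipent) external view returns (address) {
        if (tokenIdOfAnyPerticipent >= ramNFT.tokenCounter()) {
            revert InvalidTokenId(tokenIdOfAnyPerticipent);
        }
        // Only minted ids reach this point, so the owner is a real address.
        return ramNFT.ownerOf(tokenIdOfAnyPerticipent);
    }
}
```

After two mints, tokenCounter is 2: checkStrict(2) returns address(0) without reverting, while checkInclusive(2) reverts and both functions accept ids 0 and 1.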