Summary

The increaseValuesOfParticipants function allows users to upgrade their characteristics by challenging with other participants, but due to incorrect token check of participant, the challenger will be allowed to pass non-existent tokenId and thus it will not benefit any participant that won when challenged by challenger.

Vulnerability Details

• The vulnerability is present in the increaseValuesOfParticipants where it performs a strict > check, instead of >= check.

• The ramNFT::tokenCounter returns the tokenId that is to be minted next and thus all tokenIds >= to ramNFT::tokenCounter are non-existent but increaseValuesOfParticipants doesn't revert even if the tokenIdOfAnyPerticipent equals ramNFT::tokenCounter, which is non-existent.

• As a result of this challenger passing non-existent tokenIds will never make actual participants benefit as properties are updated on a non-existent tokenId, even if other person minted that particular tokenId everthing will reset.

• Along with that if that non-existent tokenId won all the characteristics, then Ram will be selected as address(0), therefore a person can create a mess in the Dussehra event by making address(0) as Ram, resulting which funds being locked in the Dussehra contract that were to be given to the selected Ram.

Impact

• Challenger will bring no benefit to other participants by passing non-existent tokenIds.

• Challenger can create havoc in the Dussehra event by passing non-existent tokenId as participant and when non-existent tokenId wins all the characteristics address(0) will be selected as Ram, which will lead to fund lock in Dussehra contract that were to be given to the selected Ram. But selected Ram being address(0) is insignificant as they are not actually Ram.

Tools Used

Manual Review

Recommendations

Make the increaseValuesOfParticipants function to revert when tokenId passed is >= ramNFT.tokenCounter()