First Flight #17: Dussehra
First Flight #17
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

The organiser may not call `selectRamIfNotSelected` function in time, all of users' entranceFee with stuck in contract forever

kazan

Description

After 12th October 2024 and before 13th October 2024, the organiser will have to call selectRamIfNotSelected to select Ram if not selected by the user. However, for many reasons, the organiser may not call this function in time.
And there are many reasons for that:

  • The organiser forget to call the function.

  • The organiser is kidnaped.

  • The organiser is Ravana servant and want to bring suffering to others.
    ...

Impact

If these scenarios happen. The selectRamIfNotSelected function can not be called anymore, there is no selectedRam that can kill Ravana and send half of the total amount collected in the event to the organiser.
All of users' entranceFee will stuck in Dussehra contract forever.

Tools Used

  • Manual review

  • Foundry

PoC

You've already tested.

function test_killRavanaIfEventIsFinished() public participants {
vm.warp(1728777600 + 1);
vm.expectRevert(abi.encodeWithSelector(ChoosingRam__EventIsFinished.selector));
vm.startPrank(organiser);
choosingRam.selectRamIfNotSelected();
vm.stopPrank();
vm.expectRevert("Ram is not selected yet!");
vm.startPrank(player2);
dussehra.killRavana();
vm.stopPrank();
}

Recommendations

Use ChainLink Automation.

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Invalid - `selectRamIfNotSelected` is not called

The organizer is trusted and he/she will call the `selectRamIfNotSelected`.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.