Submission Details
Severity:
Organiser can withdraw all funds from Dussehra
Summary
After the killRavana function is called for the first time, half of the funds will be sent to the organiser's address.
If the selected Ram does not call the dussehra.withdraw() function before the organiser does, organiser can call the function for the second time, withdrawing all the funds from the Dussehra Contract.
Vulnerability Details
function testOrganiserCanWithdrawAllFunds() public participants {
uint256 organiserOriginalBalance = organiser.balance;
uint256 dussehraOriginalBalance = address(dussehra).balance;
console2.log("Beginning balance of Dussehra Contract: %d", address(dussehra).balance);
vm.warp(1728691200 + 1);
vm.startPrank(organiser);
choosingRam.selectRamIfNotSelected();
assertEq(choosingRam.isRamSelected(), true);
dussehra.killRavana();
console2.log("Balance of the Dussehra Contract after first call to killRavana: %d", address(dussehra).balance);
dussehra.killRavana();
console2.log("Balance of the Dussehra Contract after second call to killRavana: %d", address(dussehra).balance);
assertEq(address(dussehra).balance, 0);
assertEq(organiserOriginalBalance + organiser.balance, dussehraOriginalBalance + address(dussehra).balance);
vm.stopPrank();
}
Impact
If Ram's withdraw() transaction is not immediately after the killRavana() transaction, then user may lose their fund to the organiser.
Tools Used
Manual Review
Recommendations
Set killRavana function to revert when isRavanKilled is set to true
Rewards breakdown
nSLOC
218This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.