After 13th October 2024 the funds in the `Dussehra` cannot be withdrawn and will be stuck forever in the contract
Summary
The funds gathered from the entrance fees can be rewarded to the organiser and the Ram only if the Ravana is killed. But the Ravana can be killed only between 12th October 2024 and 13th October 2024. If not killed in this period then there is no possibility for the funds to be withdrawn and they will remain in the contract forever.
Vulnerability Details
The function which are responsible for the transfer of the funds are Dussehra::withdraw and Dussehra::killRavana. Dussehra::killRavana can be executed as stated in the docs only between 12th October 2024 and 13th October 2024. This function transfers half of the funds to the organiser and sets the flag Dussehra::IsRavanKilled to true. This flag is used by the modifier Dussehra::RavanKilled which allows the execution of the Dussehra::withdraw function which transfers the other half of the funds to the selected Ram user. If Dussehra::killRavana is not executed in the specified period of time, then no one will be able to get the funds and they will be stuck forever in the contract.
Impact
The impact are the clearly stuck and therefore lost funds. However, this is a problem which might be caused by the actual use of the protocol and users and the organisers will be responsible. So, the impact is Low.
Tools Used
Manual review
Recommendations
Implement some fallback or allow Ravana to be killed even after the 13th October 2024.
Lead Judging Commences
Invalid - `killRavana` is not called
The organizer is trusted and he/she will call the `killRavana` function.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.