Submission Details
Severity: low
Invalid

New participants can still enter even after Dussehra's end

Summary

Dussehra:enterPeopleWhoLikeRam() allows new participants to enter the competition by paying a fixed fee in ETH, and mints a RamNFT to them.

However, this function does not implement any check to prevent entries after the 13th October 2024.

Impact

A user who enters after the end will only lose their ETH, with no possibility to play and try to win 50% of the fee pot if they become the Ram.

POC

Add the following test to test/Dussehra.t.sol:

    function test_userCanEnterAfterEnd() public participants {
        // player1 and player2 correctly entered within the competition date range
        vm.deal(player3, 1 ether);
        vm.deal(player4, 1 ether);

        // increaseValuesOfParticipants() is not callable anymore
        vm.warp(1728691200 + 1);
        // but new participants can still enter
        vm.startPrank(player3);
        dussehra.enterPeopleWhoLikeRam{value: 1 ether}();
        vm.expectRevert();
        choosingRam.increaseValuesOfParticipants(2, 1);
        vm.stopPrank();

        // the Dussehra event is finished after this point
        vm.warp(1728777600 + 1);
        // but new participants can still enter
        vm.prank(player4);
        dussehra.enterPeopleWhoLikeRam{value: 1 ether}();
        // and the organiser can no longer select the Ram
        vm.prank(organiser);
        vm.expectRevert();
        choosingRam.selectRamIfNotSelected();
    }

Recommendations

Revert Dussehra:enterPeopleWhoLikeRam() if it is called after increaseValuesOfParticipants() has been disabled; this way, users cannot enter without any possibility to win.
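
A minimal sketch of the recommended guard, added here as an illustration; it is not the Dussehra contract or code from the submission. The contract name, `enter()`, `entranceFee` and the error names are hypothetical, the cutoff is the timestamp the PoC warps past, and the exact comparison used by the project's own time check is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative sketch only: stands in for an entry function such as
/// enterPeopleWhoLikeRam(). Every name below is hypothetical.
contract EntryWindowSketch {
    // From the PoC: at 1728691200 + 1, increaseValuesOfParticipants() reverts.
    // Entries are closed at the same point so no one can pay without being able to play.
    uint256 public constant ENTRY_CUTOFF = 1728691200;

    uint256 public immutable entranceFee; // fixed fee in wei (assumed)
    mapping(address => bool) public hasEntered;
    address[] public participants;

    error EntryClosed(uint256 currentTime, uint256 cutoff);
    error WrongFee(uint256 sent, uint256 required);
    error AlreadyEntered(address account);

    constructor(uint256 fee) {
        entranceFee = fee;
    }

    function enter() external payable {
        // Time check first: a revert undoes the whole call, so the ETH sent
        // with a late entry never leaves the caller's balance.
        if (block.timestamp > ENTRY_CUTOFF) {
            revert EntryClosed(block.timestamp, ENTRY_CUTOFF);
        }
        if (msg.value != entranceFee) {
            revert WrongFee(msg.value, entranceFee);
        }
        if (hasEntered[msg.sender]) {
            revert AlreadyEntered(msg.sender);
        }

        // State changes only after all checks have passed.
        hasEntered[msg.sender] = true;
        participants.push(msg.sender);
        // The real contract mints a RamNFT to the caller at this point;
        // that step is omitted from this sketch.
    }
}
```

With a guard like this in place, the two late `enterPeopleWhoLikeRam{value: 1 ether}()` calls in the PoC would need a `vm.expectRevert()` in front of them for the test to pass.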

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Invalid - enter people after event or after Ram is selected

It is the user's responsibility to check the date of the event.
