Submission Details
Severity: medium
Invalid

DoS as a result of the organiser changing choosingRamContract in RamNFT.sol

Summary

DoS as a result of the organiser changing the choosingRamContract in RamNFT.sol

Vulnerability Details

RamNFT.sol::setChoosingRamContract can be called by the organiser and set to any address. This means that nothing ties the RamNFT.sol contract to the ChoosingRam.sol contract.

Proof of Code

function test_organiserCanPreventAnyIncreasesInNftValue() public participants {
    vm.warp(1722470400);
    vm.prevrandao(bytes32(0));

    // The organiser points RamNFT at an address that is not ChoosingRam.
    vm.startPrank(organiser);
    ramNFT.setChoosingRamContract(address(0));
    vm.stopPrank();

    // ChoosingRam's call into RamNFT.updateCharacteristics now reverts.
    vm.startPrank(player1);
    vm.expectRevert(abi.encodeWithSelector(RamNFT.RamNFT__NotChoosingRamContract.selector));
    choosingRam.increaseValuesOfParticipants(0, 1);
    vm.stopPrank();
}

Impact

RamNFT.sol::updateCharacteristics can only be called by RamNFT.sol::choosingRamContract. Because this can be changed to an address other than the ChoosingRam.sol address, calling ChoosingRam.sol::increaseValuesOfParticipants will revert: it calls RamNFT.sol::updateCharacteristics from a contract that is not the current RamNFT.sol::choosingRamContract. This makes leveling up your NFT impossible, so a key feature cannot be used. However, due to another bug that only allows you to withdraw if you're picked as ram through ChoosingRam.sol::selectRamIfNotSelected, no funds are at risk because of this.

Tools Used

Manual review

Recommendations

  1. Don't allow the organiser to have the power to change the choosingRam contract (delete RamNFT.sol::setChoosingRamContract)

  2. Implement a DAO so that participants can vote on proposed choosingRam contract changes.
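
A set-once variant of recommendation 1, added here as an illustration and not taken from the audited code base: rather than deleting the setter, it locks after the first successful call. It assumes ChoosingRam is deployed after RamNFT, so its address cannot be passed to the RamNFT constructor; the contract name, the extra errors, the event and the simplified `levelOf` storage are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: a minimal stand-in for RamNFT, not the audited contract.
// Only setChoosingRamContract, choosingRamContract, updateCharacteristics,
// organiser and RamNFT__NotChoosingRamContract come from the finding; the
// other errors, the event and the simplified storage are hypothetical.
contract RamNFTSetOnce {
    error RamNFT__NotOrganiser();
    error RamNFT__NotChoosingRamContract();
    error RamNFT__ChoosingRamAlreadySet();
    error RamNFT__ChoosingRamHasNoCode();

    event ChoosingRamContractSet(address indexed choosingRam);

    address public immutable organiser;
    address public choosingRamContract; // zero until wired, then frozen
    mapping(uint256 tokenId => uint256 level) public levelOf; // simplified characteristics

    constructor() {
        organiser = msg.sender;
    }

    modifier onlyChoosingRam() {
        if (msg.sender != choosingRamContract) revert RamNFT__NotChoosingRamContract();
        _;
    }

    // One-shot wiring: the organiser links ChoosingRam once after deployment.
    function setChoosingRamContract(address choosingRam) external {
        if (msg.sender != organiser) revert RamNFT__NotOrganiser();
        if (choosingRamContract != address(0)) revert RamNFT__ChoosingRamAlreadySet();
        // Rejects address(0) and EOAs, so the link cannot be burned by mistake.
        if (choosingRam.code.length == 0) revert RamNFT__ChoosingRamHasNoCode();
        choosingRamContract = choosingRam;
        emit ChoosingRamContractSet(choosingRam);
    }

    // Still restricted to ChoosingRam, but the caller can no longer be swapped out.
    function updateCharacteristics(uint256 tokenId, uint256 newLevel) external onlyChoosingRam {
        levelOf[tokenId] = newLevel;
    }
}
```

With this variant the `setChoosingRamContract(address(0))` call from the proof of code reverts instead of unlinking the contracts. The organiser can still wire the wrong contract on the first call, so participants should check the address in `ChoosingRamContractSet` before taking part.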

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
