First Flight #17: Dussehra

First Flight #17

Beginner FriendlyFoundryNFT

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

Organiser can change already selectedRam by `ChoosingRam::selectRamIfNotSelected`

appet

Description:

After users set selectedRam by calling ChoosingRam::increaseValuesOfParticipants (using semi-randomization which is a part of another issue) and setting the selectedRam state variable, there is no statement, changing the isRamSelected bool to true. This leads to ChoosingRam::selectRamIfNotSelected passing, when called by Organiser, making possible for Organiser to change again the value of selectedRam.

Impact:

We should consider that Organiser could call this function by accident or with malicious intent.
Although ChoosingRam::selectRamIfNotSelected uses some kind of (semi-)randomization the random variable of ChoosingRam::selectRamIfNotSelected could be manipulated.
In both scenarios this is a serious centralization issue, breaking the protocol`s intended purpose and decentralization as a whole.

Proof of Concept:

Paste the following code in the Dussehra.t.sol:

function test_changeRamAfterSetRam() public participants {

vm.startPrank(player1);

choosingRam.increaseValuesOfParticipants(0, 1);

vm.stopPrank();

assertEq(choosingRam.selectedRam(), player2);

vm.warp(1728691200 + 4);

vm.startPrank(organiser);

choosingRam.selectRamIfNotSelected();

vm.stopPrank();

assertEq(choosingRam.isRamSelected(), true);

assertEq(choosingRam.selectedRam(), player1);

}

Recommended Mitigation:

Consider adding a line of code that changes the isRamSelected bool to true in ChoosingRam::increaseValuesOfParticipants

function increaseValuesOfParticipants(uint256 tokenIdOfChallenger, uint256 tokenIdOfAnyPerticipent)

public

RamIsNotSelected

{

+ isRamSelected = true;

}

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

`isRamSelected` is not set

Rewards breakdown

nSLOC

218

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.