Summary
ChoosingRam.sol::selectRamIfNotSelected() may choose a ram that does not fulfil all five characteristics.
Vulnerability Details
Quoting from the documentation for ChoosingRam.sol:
This contract allows users to increase their values and select as Ram if all characteristics are true
From this sentence we can infer that a ram is selected only once all five attributes are true, and the contract code confirms this. The function the organiser uses to choose a ram when the event has started but no ram has been chosen yet is ChoosingRam.sol::selectRamIfNotSelected(), shown below.
    function selectRamIfNotSelected() public RamIsNotSelected OnlyOrganiser {
        if (block.timestamp < 1728691200) {
            revert ChoosingRam__TimeToBeLikeRamIsNotFinish();
        }
        if (block.timestamp > 1728777600) {
            revert ChoosingRam__EventIsFinished();
        }
        uint256 random = uint256(keccak256(abi.encodePacked(block.timestamp, block.prevrandao))) % ramNFT.tokenCounter();
        // The token at the random index is taken as-is; its attributes are never checked
        selectedRam = ramNFT.getCharacteristics(random).ram;
        isRamSelected = true;
    }
The problem is that the attributes of the randomly chosen ram are never verified: the function simply takes whichever token the random index lands on.
Impact
A user who is not eligible to become ram (assuming all five attributes must be true) can be selected as ram because the selection is not validated.
Tools Used
Manual Analysis
Recommendations
It is better to first ensure that the randomly selected user has all five attributes set to true, for example:
    function selectRamIfNotSelected() public RamIsNotSelected OnlyOrganiser {
        if (block.timestamp < 1728691200) {
            revert ChoosingRam__TimeToBeLikeRamIsNotFinish();
        }
        if (block.timestamp > 1728777600) {
            revert ChoosingRam__EventIsFinished();
        }
        uint256 random = uint256(keccak256(abi.encodePacked(block.timestamp, block.prevrandao))) % ramNFT.tokenCounter();
+       CharacteristicsOfRam memory candidateRam = ramNFT.getCharacteristics(random);
+       // Verify the attributes
+       require(candidateRam.isJitaKrodhah, "Ram does not have the isJitaKrodhah attribute");
+       require(candidateRam.isDhyutimaan, "Ram does not have the isDhyutimaan attribute");
+       require(candidateRam.isVidvaan, "Ram does not have the isVidvaan attribute");
+       require(candidateRam.isAatmavan, "Ram does not have the isAatmavan attribute");
+       require(candidateRam.isSatyavaakyah, "Ram does not have the isSatyavaakyah attribute");
        // If all attributes are verified, assign the address to selectedRam and set isRamSelected to true
        selectedRam = candidateRam.ram;
        isRamSelected = true;
    }
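The following is an added, self-contained illustration and not code from the Dussehra project: a stub RamNFT with the struct fields the finding names, the unchecked selection beside the recommended require-based check, and a demo call showing that with the check the call reverts when the drawn token is ineligible, so the organiser has to retry in a later block. The stub contract, the `random` parameter standing in for the block-derived value, and the `address` type of `ram` are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Stand-in for RamNFT with the same struct shape and getters the finding relies on (assumed).
struct CharacteristicsOfRam {
    address ram;
    bool isJitaKrodhah; bool isDhyutimaan; bool isVidvaan; bool isAatmavan; bool isSatyavaakyah;
}

contract RamNFTStub {
    uint256 public tokenCounter;
    mapping(uint256 => CharacteristicsOfRam) private chars;

    // Constructed sample data: token 0 is ineligible (one attribute), token 1 has all five.
    constructor(address ineligible, address eligible) {
        chars[0] = CharacteristicsOfRam(ineligible, true, false, false, false, false);
        chars[1] = CharacteristicsOfRam(eligible, true, true, true, true, true);
        tokenCounter = 2;
    }

    function getCharacteristics(uint256 id) external view returns (CharacteristicsOfRam memory) {
        return chars[id];
    }
}

contract SelectionDemo {
    RamNFTStub public ramNFT;
    constructor(RamNFTStub _ramNFT) { ramNFT = _ramNFT; }
    // Vulnerable path from the finding: the random index is used without checking attributes.
    // `random` replaces the keccak256(timestamp, prevrandao) value so the demo is deterministic.
    function selectUnchecked(uint256 random) external view returns (address) {
        return ramNFT.getCharacteristics(random % ramNFT.tokenCounter()).ram;
    }

    // Recommended fix: revert unless the picked token has all five attributes.
    function selectChecked(uint256 random) external view returns (address) {
        CharacteristicsOfRam memory c = ramNFT.getCharacteristics(random % ramNFT.tokenCounter());
        require(c.isJitaKrodhah && c.isDhyutimaan && c.isVidvaan && c.isAatmavan && c.isSatyavaakyah,
            "Ram does not have all five attributes");
        return c.ram;
    }

    // With index 0 the unchecked path returns the ineligible holder; the checked path reverts,
    // so the organiser must call again in a later block until an eligible token is drawn.
    function demo() external view returns (address uncheckedPick, bool checkedReverted) {
        uncheckedPick = this.selectUnchecked(0);
        try this.selectChecked(0) returns (address picked) { checkedReverted = false; }
        catch { checkedReverted = true; }
    }
}
```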