Beginner Friendly · Foundry · NFT
100 EXP
Submission Details
Severity: medium
Invalid

Unqualified `ram` may be selected via `choosingRam.sol::selectRamIfNotSelected()`

Summary

Dussehra.sol::selectRamIfNotSelected() may choose a ram that does not have all of the required characteristics.

Vulnerability Details

Quoting from the documentation for choosingRam.sol:

This contract allows users to increase their values and select as Ram if all characteristics are true

From this sentence we can assume that a ram is selected only once all five attributes are true, and the code confirms this. The function the organiser uses to choose a ram when the event has started but no ram has yet been chosen is choosingRam.sol::selectRamIfNotSelected(), shown below.

```solidity
function selectRamIfNotSelected() public RamIsNotSelected OnlyOrganiser {
    if (block.timestamp < 1728691200) {
        revert ChoosingRam__TimeToBeLikeRamIsNotFinish();
    }
    if (block.timestamp > 1728777600) {
        revert ChoosingRam__EventIsFinished();
    }
    // Pick a token index from the block values; the characteristics of that token are never checked
    uint256 random = uint256(keccak256(abi.encodePacked(block.timestamp, block.prevrandao))) % ramNFT.tokenCounter();
    selectedRam = ramNFT.getCharacteristics(random).ram;
    isRamSelected = true;
}
```

The problem is that the attributes of the randomly chosen token are never verified: the function assigns whichever `ram` the random index lands on, regardless of that token's characteristics.

Impact

A user who is not eligible to become Ram (assuming all 5 attributes must be true) can nevertheless be selected as Ram, because the selection is not validated.

Tools Used

Manual Analysis

Recommendations

Before assigning `selectedRam`, first verify that the randomly selected token has all 5 attributes set to true.

```diff
function selectRamIfNotSelected() public RamIsNotSelected OnlyOrganiser {
if (block.timestamp < 1728691200) {
revert ChoosingRam__TimeToBeLikeRamIsNotFinish();
}
if (block.timestamp > 1728777600) {
revert ChoosingRam__EventIsFinished();
}
uint256 random = uint256(keccak256(abi.encodePacked(block.timestamp, block.prevrandao))) % ramNFT.tokenCounter();
+ CharacteristicsOfRam memory candidateRam = ramNFT.getCharacteristics(random);
+ // Verify the attributes
+ require(candidateRam.isJitaKrodhah, "Ram does not have the isJitaKrodhah attribute");
+ require(candidateRam.isDhyutimaan, "Ram does not have the isDhyutimaan attribute");
+ require(candidateRam.isVidvaan, "Ram does not have the isVidvaan attribute");
+ require(candidateRam.isAatmavan, "Ram does not have the isAatmavan attribute");
+ require(candidateRam.isSatyavaakyah, "Ram does not have the isSatyavaakyah attribute");
// If all attributes are verified, assign the address to selectedRam and set isRamSelected to true
selectedRam = candidateRam.ram;
isRamSelected = true;
}
```

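As an added illustration of the finding and the fix above (not the project's code), the following self-contained Solidity sketch pairs a mock RamNFT exposing only `tokenCounter()` and `getCharacteristics()` with the selection logic in its unchecked and checked forms; `MockRamNFT`, `RamSelectionDemo`, `mint()`, `qualifies()` and the custom error name are assumptions, the index derivation is the one from the snippet.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed stand-ins with the shape of the page's snippet; not the project's code.
struct CharacteristicsOfRam {
    address ram;
    bool isJitaKrodhah;
    bool isDhyutimaan;
    bool isVidvaan;
    bool isAatmavan;
    bool isSatyavaakyah;
}

// Minimal mock of RamNFT exposing only what selectRamIfNotSelected() reads.
contract MockRamNFT {
    uint256 public tokenCounter;
    mapping(uint256 => CharacteristicsOfRam) private characteristics;

    function mint(CharacteristicsOfRam calldata c) external {
        characteristics[tokenCounter] = c;
        tokenCounter++;
    }

    function getCharacteristics(uint256 tokenId) external view returns (CharacteristicsOfRam memory) {
        return characteristics[tokenId];
    }
}

contract RamSelectionDemo {
    error ChoosingRam__CandidateNotQualified(address ram);
    MockRamNFT public immutable ramNFT;

    constructor(MockRamNFT nft) { ramNFT = nft; }

    // Same index derivation as the contract: keccak256(timestamp, prevrandao) mod tokenCounter.
    function randomIndex() public view returns (uint256) {
        return uint256(keccak256(abi.encodePacked(block.timestamp, block.prevrandao))) % ramNFT.tokenCounter();
    }

    // True only when all five attributes are set, which is what the docs call being Ram.
    function qualifies(CharacteristicsOfRam memory c) public pure returns (bool) {
        return c.isJitaKrodhah && c.isDhyutimaan && c.isVidvaan && c.isAatmavan && c.isSatyavaakyah;
    }

    // Vulnerable shape: whoever the random index lands on is returned, qualified or not.
    function selectUnchecked() external view returns (address) {
        return ramNFT.getCharacteristics(randomIndex()).ram;
    }

    // Hardened shape: revert unless the candidate has all five attributes.
    function selectChecked() external view returns (address) {
        CharacteristicsOfRam memory c = ramNFT.getCharacteristics(randomIndex());
        if (!qualifies(c)) revert ChoosingRam__CandidateNotQualified(c.ram);
        return c.ram;
    }
}
```

In a Foundry test that mints only tokens with at least one attribute false and warps into the event window, `selectUnchecked()` returns an address that fails `qualifies()` while `selectChecked()` reverts. Because the checked form reverts rather than re-drawing, the organiser has to call it again in a later block, and if no minted token qualifies it cannot succeed before the 1728777600 cutoff.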
Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
