First Flight #17: Dussehra

First Flight #17

Beginner FriendlyFoundryNFT

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

Ravana can be killed before October 12th

funkyenough

Summary

README states that: "killRavana: ... this function will only work after 12th October 2024 and before 13th October 2024."

The Dussehra contract should revert with error Dussehra__MahuratIsNotStart before Oct 12th. However, the timestamp is set at 1728691069, which is Fri Oct 11 2024 23:57:49 GMT+0000, which is roughly 2 minutes before Oct 12th midnight.

The contract then should revert with error Dussehra__MahuratIsFinished after Oct 13th. However, the timestamp is set at 1728777669, which is Sun Oct 13 2024 00:01:09 GMT+0000, which is roughly 9 hours after Oct 13th midnight.

Vulnerability Details

PoC only proves that Ravana can be killed before Oct 12th.

function testRavanaCanBeKilledBeforeOctoberTwelfth() public participants {

// Since another bug prevents the isRamSelected state to be changed by users

// and the organiser can only change isRamSelected to True after 1728691200

// We skip to 1728691200 and revert back to 1728691069 in the Action Phase

vm.warp(1728691200 + 1);

vm.prank(organiser);

choosingRam.selectRamIfNotSelected();

assertEq(choosingRam.isRamSelected(), true);

// We now rewind to 1728691069, which is Fri Oct 11 2024 23:57:49 GMT+0000

vm.warp(1728691069 + 1);

dussehra.killRavana();

assertEq(dussehra.IsRavanKilled(), true);

}

Impact

Not a whole lot, especially with the current implementation where users cannot set isRamSelected in the ChoosingRam contract to true, only organiser can select Ram. If anything, there is a 9 hour buffer given to the organiser should they forget to killRavana in time.
The problem is mostly that it does not match the description of the function in README.

Tools Used

Manual Review

Recommendations

Set Revert values to 1728691200 and 1728777600 respectively.
Better, set immutable variables to prevent issues of magic numbers.

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

Incorrect timestamp

Rewards breakdown

nSLOC

218

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.