First Flight #17: Dussehra

First Flight #17

Beginner FriendlyFoundryNFT

100 EXP

View results

Previous Next

Submission Details

Severity: low

Invalid

Players can enter the event after the finish date resulting in funds being stuck and unrecoverable.

poolig4n

Description
The Dusserha::enterPeopleWhoLikeRam function does not check the dates or check if the event has finished before enrolling a player. This can lead to funds being permanently stuck in the contract.

The function Dussehra::killRavana must be called between two specific dates, this function is responsible for paying the organiser and for allocation of funds to the winner, that is, the player who becomes Ram.

The Dussehra documentation states:

killRavana - Allows users to kill Ravana, and the Organizer will receive half of the total amount collected in the event. This function will only work after 12 October 2024 and before 13 October 2024.
withdraw - Allows ram to withdraw their rewards.

As funds are allocated in the Dussehra::killRavana function call and any funds added after that function call are not accounted for. When the Dussehra::withdraw function is called by the winner the payment amount has already been calculated and so the new funds will remain stuck in the contract permanently.

The value of the variable totalAmountGivenToRam is calculated and stored when Dussehra::killRavana is called:

function withdraw() public RamIsSelected OnlyRam RavanKilled {

if (totalAmountGivenToRam == 0) {

revert Dussehra__AlreadyClaimedAmount();

}

uint256 amount = totalAmountGivenToRam; <--* already calculated

(bool success, ) = msg.sender.call{value: amount}("");

require(success, "Failed to send money to Ram");

totalAmountGivenToRam = 0;

}

Impact

Permanent loss of funds and broken trust with players.

Proof of Concept

// SPDX-License-Identifier: UNLICENSED

pragma solidity ^0.8.13;

import {Test, console} from "forge-std/Test.sol";

import {Dussehra} from "../src/Dussehra.sol";

import {ChoosingRam} from "../src/ChoosingRam.sol";

import { mock } from "../src/mocks/mock.sol";

import {RamNFT} from "../src/RamNFT.sol";

contract IncreaseValueTest is Test {

// error Dussehra__NotEqualToEntranceFee();

// error Dussehra__AlreadyClaimedAmount();

// error ChoosingRam__TimeToBeLikeRamIsNotFinish();

// error ChoosingRam__EventIsFinished();

Dussehra public dussehra;

RamNFT public ramNFT;

ChoosingRam public choosingRam;

address public organiser = makeAddr("organiser");

address public player1 = makeAddr("player1");

function setUp() public {

vm.startPrank(organiser);

ramNFT = new RamNFT();

choosingRam = new ChoosingRam(address(ramNFT));

dussehra = new Dussehra(1 ether, address(choosingRam), address(ramNFT));

ramNFT.setChoosingRamContract(address(choosingRam));

vm.stopPrank();

}

// Audit tests

function test_enterAfterFinishDate() public {

// Warp to well past the finish date.

// 2024-10-20 23:11:54 UTC

vm.warp(1729465914 + 1);

// At this stage killRavana has been called,

// and the funds have been sent to the organiser and

// allocated to the winner.

// Any new funds deposited are unaccounted for an will remain

// stuck in the contract.

vm.startPrank(player1);

vm.deal(player1, 1 ether);

// this player can never win and there money is lost.

dussehra.enterPeopleWhoLikeRam{value: 1 ether}();

vm.stopPrank();

assertEq(address(dussehra).balance, (1 ether));

}

Test Result

forge test --mt test_enterAfterFinishDate -vv

[⠊] Compiling...

[⠒] Compiling 1 files with 0.8.20

[⠘] Solc 0.8.20 finished in 4.66s

Compiler run successful!

Ran 1 test for test/EnterAfterFinished.t.sol:IncreaseValueTest

[PASS] test_enterAfterFinishDate() (gas: 186070)

Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 2.23ms (301.52µs CPU time)

Ran 1 test suite in 443.39ms (2.23ms CPU time): 1 tests passed, 0 failed, 0 skipped (1 total tests)

Recommended mitigation

Check the dates in the Dussehra::enterPeopleWhoLikeRam function to prevent players from entering past the due date for selection.

References

https://github.com/Cyfrin/2024-06-Dussehra/blob/9c86e1b09ed9516bfbb3851c145929806da75d87/src/Dussehra.sol#L52

Tools Used

Manual Review

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

Invalid - enter people after event or after Ram is selected

It is the user's responsibility to check the date of the event.

Rewards breakdown

nSLOC

218

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!