Severity: low
Valid

Incorrect timestamp check in `killRavana` function

Summary

Incorrect timestamp check in killRavana function.

Vulnerability Details

According to the documentation on the contest page:

> killRavana - Allows users to kill Ravana and Organiser will get half of the total amount collected in the event. This function will only work after 12th October 2024 and before 13th October 2024.

Therefore, the `killRavana` function should be callable only strictly after 12th October and before 13th October. However, in this function:

https://github.com/Cyfrin/2024-06-Dussehra/blob/main/src/Dussehra.sol#L67-L79

```solidity
function killRavana() public RamIsSelected {
    if (block.timestamp < 1728691069) {
        revert Dussehra__MahuratIsNotStart();
    }
    if (block.timestamp > 1728777669) {
        revert Dussehra__MahuratIsFinished();
    }
    IsRavanKilled = true;
    uint256 totalAmountByThePeople = WantToBeLikeRam.length * entranceFee;
    totalAmountGivenToRam = (totalAmountByThePeople * 50) / 100;
    (bool success, ) = organiser.call{value: totalAmountGivenToRam}("");
    require(success, "Failed to send money to organiser");
}
```

the timestamps are observed to be incorrect:

```solidity
if (block.timestamp < 1728691069) { //@audit Oct 11 2024 23:57:49
    revert Dussehra__MahuratIsNotStart();
}
if (block.timestamp > 1728777669) { //@audit Oct 13 2024 00:01:09
    revert Dussehra__MahuratIsFinished();
}
```
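The size of the drift at each end can be measured by decoding the two constants against the documented day, as in this added example (not part of the original submission or the Dussehra code base). It assumes the Mahurat is the UTC calendar day 12 October 2024, which matches the `@audit` annotations above; the function names are chosen here for illustration.

```python
from datetime import date, datetime, time, timezone

# Constants copied from the killRavana() snippet on this page.
DEPLOYED_START = 1728691069
DEPLOYED_END = 1728777669


def day_bounds_utc(day):
    """Epoch seconds for 00:00:00 UTC on `day` and on the following day."""
    midnight = datetime.combine(day, time.min, tzinfo=timezone.utc)
    start = int(midnight.timestamp())
    return start, start + 86_400


def can_call(ts, start=DEPLOYED_START, end=DEPLOYED_END):
    """Mirror of the contract's two checks: revert if ts < start or ts > end."""
    return not (ts < start or ts > end)


def window_slack(start, end, day):
    """How far the hardcoded window opens early / closes late versus `day` (UTC)."""
    want_start, want_end = day_bounds_utc(day)
    return {
        "opens_at": datetime.fromtimestamp(start, timezone.utc).isoformat(),
        "closes_at": datetime.fromtimestamp(end, timezone.utc).isoformat(),
        "opens_early_s": want_start - start,   # seconds before the day begins
        "closes_late_s": end - want_end,       # seconds after the day ends
        "expected_start": want_start,
        "expected_end": want_end,
    }


if __name__ == "__main__":
    # Assumption: the documented window is the whole of 12 October 2024 in UTC.
    report = window_slack(DEPLOYED_START, DEPLOYED_END, date(2024, 10, 12))
    for key, value in report.items():
        print(f"{key}: {value}")
```
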

Impact

Allows users to call the killRavana function even before 12th October and also after 13th October.

Tools Used

Manual Review

Recommendations

Use the correct timestamps to ensure the `killRavana` function can be called only during the Mahurat.

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Incorrect timestamp
