First Flight #17: Dussehra
First Flight #17
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

Centralization Risk

bbash

Summary

selectRamIfNotSelected is supposed to be called by the organizer to select Ram if not selected by the user. However, the organizer may decide not to call it.

Vulnerability Details

https://github.com/Cyfrin/2024-06-Dussehra/blob/main/src/ChoosingRam.sol#L83

function selectRamIfNotSelected() public RamIsNotSelected OnlyOrganiser {
if (block.timestamp < 1728691200) {
revert ChoosingRam__TimeToBeLikeRamIsNotFinish();
}
if (block.timestamp > 1728777600) {
revert ChoosingRam__EventIsFinished();
}
uint256 random = uint256(keccak256(abi.encodePacked(block.timestamp, block.prevrandao))) % ramNFT.tokenCounter();
selectedRam = ramNFT.getCharacteristics(random).ram;
isRamSelected = true;
}

According to the documentation,
selectRamIfNotSelected - Allows the organizer to select Ram if not selected by the user.
This function is supposed to be called by the organizer if the user does not select Ram. Therefore, there is some dependency on the organizer.

Impact

Centralization risk

Tools Used

Manual Review

Recommendations

Reduce dependency on the organizer.

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Invalid - `selectRamIfNotSelected` is not called

The organizer is trusted and he/she will call the `selectRamIfNotSelected`.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.