Submission Details
Severity:
`enterPeopleWhoLikeRam` can be called after `ram` is selected (game is ended).
Summary
enterPeopleWhoLikeRam can be called after ram is selected (game is ended).
Vulnerability Details
enterPeopleWhoLikeRam function doesn't check if ram is selected, so user can also call this function later.
If user calls this function after ram is selected, then he should pay mint fee but can not get opportunity to become ram.
Selecting Ram means game over
Impact
User can mint unnecessary RamNFT even though he can't become Ram.
Tools Used
Manual review
Recommendations
If Ram is selected, prevent users from calling enterPeopleWhoLikeRam function.
function enterPeopleWhoLikeRam() public payable {
if (msg.value != entranceFee) {
revert Dussehra__NotEqualToEntranceFee();
}
++ require(!choosingRamContract.isRamSelected(), "Ram has been selected already!");
if (peopleLikeRam[msg.sender] == true){
revert Dussehra__AlreadyPresent();
}
peopleLikeRam[msg.sender] = true;
WantToBeLikeRam.push(msg.sender);
ramNFT.mintRamNFT(msg.sender);
emit PeopleWhoLikeRamIsEntered(msg.sender);
}
Updates
Lead Judging Commences
bube over 1 year ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
Invalid - enter people after event or after Ram is selected
It is the user's responsibility to check the date of the event.
Rewards breakdown
nSLOC
218This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.