Severity: high
Valid

`isRamSelected` is not updated in `increaseValuesOfParticipants` function

Summary

When a ram is selected in the `ChoosingRam::increaseValuesOfParticipants` function, the `isRamSelected` state is not updated. This leads to a vulnerability where the selected ram can be overwritten multiple times.

Vulnerability Details

The `increaseValuesOfParticipants` function allows for the selection of a ram and sets the `selectedRam` variable. However, the `isRamSelected` state is not updated to `true` after a ram is selected. This omission allows `selectedRam` to be overwritten repeatedly until the date limit is reached and the `selectRamIfNotSelected` function is called. Consequently, `selectedRam` is going to be set randomly by the organiser, overwriting the previously selected ram.

Impact

  • `selectedRam` can be overwritten multiple times, leading to inconsistent selection.

  • The organiser has to overwrite the previously selected ram with a random selection, so they can kill ravana and withdraw funds, undermining the integrity of the selection process.

Tools Used

Manual review.

Recommendations

Add `isRamSelected = true` after setting `selectedRam` in the `increaseValuesOfParticipants` function to ensure that the selection process is finalized and cannot be overwritten.
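
The missing state update and the recommended fix, shown side by side in a reduced model. This is an added example, not the contest's `ChoosingRam` code: the guard modifier, the address parameters, the organiser check and the flag update in `selectRamIfNotSelected` are assumptions made to keep the sketch self-contained.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: a reduced model of the selection state in the finding.
// selectedRam, isRamSelected, increaseValuesOfParticipants and
// selectRamIfNotSelected are named in the report; the guard modifier, the
// address parameters and the organiser check are assumptions of this sketch.
abstract contract SelectionModel {
    address public selectedRam;
    bool public isRamSelected;
    address public immutable organiser;

    error RamAlreadySelected();
    error NotOrganiser();

    constructor() {
        organiser = msg.sender;
    }

    // Assumed guard: both selection paths are closed once the flag is set.
    modifier ramIsNotSelected() {
        if (isRamSelected) revert RamAlreadySelected();
        _;
    }

    function increaseValuesOfParticipants(address challenger) external virtual;

    // Organiser fallback, assumed to set the flag; date-limit check omitted.
    function selectRamIfNotSelected(address randomPick) external ramIsNotSelected {
        if (msg.sender != organiser) revert NotOrganiser();
        selectedRam = randomPick;
        isRamSelected = true;
    }
}

// Behaviour described in the report: the flag stays false, so the guard never
// closes and every later call (participant or organiser) replaces selectedRam.
contract VulnerableSelection is SelectionModel {
    function increaseValuesOfParticipants(address challenger) external override ramIsNotSelected {
        selectedRam = challenger;
    }
}

// Recommended fix: finalise the selection in the same call that makes it.
contract FixedSelection is SelectionModel {
    function increaseValuesOfParticipants(address challenger) external override ramIsNotSelected {
        selectedRam = challenger;
        isRamSelected = true;
    }
}
```

In `FixedSelection`, a second call to either selection function reverts with `RamAlreadySelected`, which is the invariant a regression test for this finding should assert.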

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

`isRamSelected` is not set
