Beginner FriendlyFoundryNFT
100 EXP
Submission Details
Severity: medium
Valid

The `killRavana` function could be called multiple times.

Summary

The Dussehra::killRavana function can be called multiple times, allowing the organiser to receive the full amount of Ether contributed by participants instead of just half.

Vulnerability Details

The killRavana function has no guard against being executed more than once. Each call transfers 50% of the total contributed Ether to the organiser, so repeated calls pay out more than the intended 50% (two calls pay out 100%, as the test below shows).

Proof of Concept

The following test, added to Dussehra.t.sol, passes:

    function test_organiserHaveAllContribution() public participants {
        // Move past the Ram-selection deadline so selectRamIfNotSelected can run
        vm.warp(1728691200 + 1);
        vm.startPrank(organiser);
        choosingRam.selectRamIfNotSelected();
        vm.stopPrank();
        uint256 initialContractBalance = address(dussehra).balance;
        vm.startPrank(player2);
        // Call killRavana twice to prove that the organiser receives 100% of the contributions
        dussehra.killRavana();
        dussehra.killRavana();
        vm.stopPrank();
        // The organiser now holds the entire contract balance, not 50% of it
        assertEq(organiser.balance, initialContractBalance);
    }

Impact

The organiser can drain all the Ether from the contract, leaving nothing for the selected Ram.

Tools Used

Manual review.

Recommendations

Implement a check to ensure killRavana can only be called once:

    function killRavana() public RamIsSelected {
    +   require(!IsRavanKilled, "Ravan is already killed!");
        .
        .
        .
    }
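To show why the flag check matters, here is an added, simplified reconstruction of the pattern (example code, not the Dussehra project's own contract): the storage layout, the entrance/selection functions and the payout arithmetic are assumptions; only the names killRavana, RamIsSelected and IsRavanKilled come from the report. The vulnerable function sets the flag but never checks it, while the fixed one checks and sets it before the external call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical reconstruction for illustration; not the project's code.
contract KillRavanaExample {
    address public organiser;
    address public selectedRam;
    uint256 public entranceFee;      // assumed: fixed fee per participant
    uint256 public participantCount; // assumed: number of paying entrants
    bool public IsRavanKilled;

    constructor(address _organiser, uint256 _entranceFee) {
        organiser = _organiser;
        entranceFee = _entranceFee;
    }

    modifier RamIsSelected() {
        require(selectedRam != address(0), "Ram is not selected yet");
        _;
    }

    // Simplified entry: each participant pays the same fee into the pool.
    function enter() external payable {
        require(msg.value == entranceFee, "wrong fee");
        participantCount++;
    }

    function selectRam(address ram) external { selectedRam = ram; }

    // Vulnerable shape: the flag is written but never read, so a second call
    // pays the organiser another 50% of the original pool and empties the contract.
    function killRavanaVulnerable() public RamIsSelected {
        IsRavanKilled = true;
        uint256 half = (participantCount * entranceFee) / 2;
        (bool ok, ) = organiser.call{value: half}("");
        require(ok, "pay organiser failed");
    }

    // Fixed shape: check the flag, set it (effect) before the transfer
    // (interaction), so both a repeat call and a re-entrant call revert.
    function killRavanaFixed() public RamIsSelected {
        require(!IsRavanKilled, "Ravan is already killed!");
        IsRavanKilled = true;
        uint256 half = (participantCount * entranceFee) / 2;
        (bool ok, ) = organiser.call{value: half}("");
        require(ok, "pay organiser failed");
    }
}
```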
Updates

Lead Judging Commences

bube (Lead Judge), over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

isRavanKilled is not checked
