Unable to claim winnings
Summary
ChoosingRam::increaseValuesOfParticipants does not set isRamSelected = true if all characteristics are true.
Vulnerability Details
Dussehra::killRavana & Dussehra::withdraw are protected by the Dussehra::RamIsSelected modifier, thus, a user will have all characteristics equal to true, but will not be able to claim their winnings because RamIsSelected will be false.
Impact
The winner will not be able to claim their rewards and will force the owner of the protocol to send the rewards to a random participant via selectRamIfNotSelected to get the money out of the protocol.
Tools Used
Unit test
Code
function test_increaseValuesOfParticipantsDoesntSetIsRamSelectedToTrue()
public
participants
{
vm.startPrank(player1);
choosingRam.increaseValuesOfParticipants(0, 1);
choosingRam.increaseValuesOfParticipants(0, 1);
choosingRam.increaseValuesOfParticipants(0, 1);
choosingRam.increaseValuesOfParticipants(0, 1);
choosingRam.increaseValuesOfParticipants(0, 1);
vm.stopPrank();
assertEq(ramNFT.getCharacteristics(1).isJitaKrodhah, true);
assertEq(ramNFT.getCharacteristics(1).isDhyutimaan, true);
assertEq(ramNFT.getCharacteristics(1).isVidvaan, true);
assertEq(ramNFT.getCharacteristics(1).isAatmavan, true);
assertEq(ramNFT.getCharacteristics(1).isSatyavaakyah, true);
assertEq(choosingRam.isRamSelected(), false);
vm.expectRevert("Ram is not selected yet!");
dussehra.killRavana();
}
Recommendations
When the last conditional is triggered in ChoosingRam::increaseValuesOfParticipants set isRamSelected = true after the selectedRam is set.
Lead Judging Commences
`isRamSelected` is not set
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.