Submission Details
Severity: low
Invalid

Possibility of Permanent Fund Lock

Summary

If the Dussehra::killRavana function is not called between October 12 and October 13, the funds will be lost forever as there is no mechanism to retrieve the Ether.

Vulnerability Details

The function killRavana can only be called within a specific time window (before October 13). If not called within this window, the funds will be locked in the contract indefinitely.

```solidity
function killRavana() public RamIsSelected {
    if (block.timestamp < 1728691069) {
        revert Dussehra__MahuratIsNotStart();
    }
    if (block.timestamp > 1728777669) {
        revert Dussehra__MahuratIsFinished();
    }
    IsRavanKilled = true;
    uint256 totalAmountByThePeople = WantToBeLikeRam.length * entranceFee;
    totalAmountGivenToRam = (totalAmountByThePeople * 50) / 100;
    (bool success, ) = organiser.call{value: totalAmountGivenToRam}("");
    require(success, "Failed to send money to organiser");
}
```

The only other way to retrieve funds from the contract is the Dussehra::withdraw function, but this function cannot be called before killRavana because of its restrictions.

Impact

All Ether contributed by participants will be permanently locked in the contract.

Tools Used

Manual review.

Recommendations

Implement a fallback mechanism that allows fund retrieval after the specified time window, and restrict access to it with onlyOrganiser.
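One way the recommended fallback could look, as an added example that is not part of the submission or the audited Dussehra contract. The contract name, `payoutInWindow`, `recoverAfterWindow`, `paidOut` and the custom errors are hypothetical, and the payout is simplified to half of the contract balance; only the two timestamps and the `organiser.call` pattern come from the quoted function.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Reduced model (assumption): a time-windowed payout like killRavana, plus an
// organiser-only recovery path that opens only after the window has closed.
contract WindowedPayoutWithRecovery {
    error MahuratIsNotStart();
    error MahuratIsFinished();
    error MahuratStillOpen();
    error AlreadyPaidOut();
    error NotOrganiser();

    uint256 public constant WINDOW_START = 1728691069; // bounds from killRavana
    uint256 public constant WINDOW_END = 1728777669;
    address public immutable organiser;
    bool public paidOut; // plays the role of IsRavanKilled

    modifier onlyOrganiser() {
        if (msg.sender != organiser) revert NotOrganiser();
        _;
    }

    constructor(address _organiser) payable {
        organiser = _organiser;
    }

    // Normal path: same window checks as the quoted function. The other half
    // stays in the contract for the winner's withdraw, which this model omits.
    function payoutInWindow() external {
        if (block.timestamp < WINDOW_START) revert MahuratIsNotStart();
        if (block.timestamp > WINDOW_END) revert MahuratIsFinished();
        if (paidOut) revert AlreadyPaidOut();
        paidOut = true;
        _send(address(this).balance / 2);
    }

    // Recovery path: usable only if the window closed without a payout, so it
    // cannot be used to skip or repeat the normal flow.
    function recoverAfterWindow() external onlyOrganiser {
        if (block.timestamp <= WINDOW_END) revert MahuratStillOpen();
        if (paidOut) revert AlreadyPaidOut();
        paidOut = true; // set before the external call
        _send(address(this).balance);
    }

    function _send(uint256 amount) private {
        (bool success, ) = organiser.call{value: amount}("");
        require(success, "Failed to send money to organiser");
    }
}
```

Sending the recovered balance to the organiser follows the recommendation above; refunding participants instead would be a separate design decision.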

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Invalid - `killRavana` is not called

The organizer is trusted and he/she will call the `killRavana` function.
