First Flight #17: Dussehra

First Flight #17

Beginner FriendlyFoundryNFT

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

isRamSelected is not set to true after user is selected as ram

josh4324

Summary

The ChoosingRam::increaseValuesOfParticipants function is designed to allow a challenger to compete against another participant, with the winner's characteristics being updated. However, when a user successfully wins the challenge, the isRamSelected variable is not updated. This variable is crucial for the RamIsNotSelected modifier, which ensures that certain functions do not run once the ram has been selected.

Vulnerability Details

Function Affected: ChoosingRam::increaseValuesOfParticipants

Variable Affected: isRamSelected

Issue: The function does not update the isRamSelected variable after a challenge is won.

Modifier Affected: RamIsNotSelected

Exploitation: As isRamSelected remains unchanged, functions guarded by the RamIsNotSelected modifier can be executed even after the ram should have been considered selected. This can lead to unauthorized actions and potential manipulation of the contract's logic.

POC

function test_increaseValuesOfParticipantsToSelectRam() public participants {

vm.startPrank(player1);

choosingRam.increaseValuesOfParticipants(0, 1);

vm.stopPrank();

assertEq(choosingRam.isRamSelected(), false);

assertEq(ramNFT.getCharacteristics(1).isSatyavaakyah, true);

}

Impact

Functional Integrity: The failure to update isRamSelected compromises the integrity of the contract's functionality, as certain operations intended to be restricted after ram selection can still be performed.

Security: Unauthorized actions may occur due to the modifier RamIsNotSelected not working as intended.

Tools Used

Manual Review

Recommendations

To address this vulnerability, ensure that the isRamSelected variable is correctly updated when a user wins the challenge in the ChoosingRam::increaseValuesOfParticipants function.

function increaseValuesOfParticipants(uint256 tokenIdOfChallenger, uint256 tokenIdOfAnyPerticipent)

public

RamIsNotSelected

{

if (tokenIdOfChallenger > ramNFT.tokenCounter()) {

revert ChoosingRam__InvalidTokenIdOfChallenger();

}

if (tokenIdOfAnyPerticipent > ramNFT.tokenCounter()) {

revert ChoosingRam__InvalidTokenIdOfPerticipent();

}

if (ramNFT.getCharacteristics(tokenIdOfChallenger).ram != msg.sender) {

revert ChoosingRam__CallerIsNotChallenger();

}

if (block.timestamp > 1728691200) {

revert ChoosingRam__TimeToBeLikeRamFinish();

}

uint256 random =

uint256(keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender))) % 2;

if (random == 0) {

if (ramNFT.getCharacteristics(tokenIdOfChallenger).isJitaKrodhah == false){

ramNFT.updateCharacteristics(tokenIdOfChallenger, true, false, false, false, false);

} else if (ramNFT.getCharacteristics(tokenIdOfChallenger).isDhyutimaan == false){

ramNFT.updateCharacteristics(tokenIdOfChallenger, true, true, false, false, false);

} else if (ramNFT.getCharacteristics(tokenIdOfChallenger).isVidvaan == false){

ramNFT.updateCharacteristics(tokenIdOfChallenger, true, true, true, false, false);

} else if (ramNFT.getCharacteristics(tokenIdOfChallenger).isAatmavan == false){

ramNFT.updateCharacteristics(tokenIdOfChallenger, true, true, true, true, false);

} else if (ramNFT.getCharacteristics(tokenIdOfChallenger).isSatyavaakyah == false){

ramNFT.updateCharacteristics(tokenIdOfChallenger, true, true, true, true, true);

selectedRam = ramNFT.getCharacteristics(tokenIdOfChallenger).ram;

+ isRamSelected = true;

}

} else {

if (ramNFT.getCharacteristics(tokenIdOfAnyPerticipent).isJitaKrodhah == false){

ramNFT.updateCharacteristics(tokenIdOfAnyPerticipent, true, false, false, false, false);

} else if (ramNFT.getCharacteristics(tokenIdOfAnyPerticipent).isDhyutimaan == false){

ramNFT.updateCharacteristics(tokenIdOfAnyPerticipent, true, true, false, false, false);

} else if (ramNFT.getCharacteristics(tokenIdOfAnyPerticipent).isVidvaan == false){

ramNFT.updateCharacteristics(tokenIdOfAnyPerticipent, true, true, true, false, false);

} else if (ramNFT.getCharacteristics(tokenIdOfAnyPerticipent).isAatmavan == false){

ramNFT.updateCharacteristics(tokenIdOfAnyPerticipent, true, true, true, true, false);

} else if (ramNFT.getCharacteristics(tokenIdOfAnyPerticipent).isSatyavaakyah == false){

ramNFT.updateCharacteristics(tokenIdOfAnyPerticipent, true, true, true, true, true);

selectedRam = ramNFT.getCharacteristics(tokenIdOfAnyPerticipent).ram;

+. isRamSelected = true;

}

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

`isRamSelected` is not set

Rewards breakdown

nSLOC

218

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.