First Flight #17: Dussehra
First Flight #17
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

`Dussehra::enterPeopleWhoLikeRam` function does not have limitations when it can be called which can lead to people entering the event after it's finished.

mirkopezo

Summary

The enterPeopleWhoLikeRam function in the Dussehra contract lacks time constraints, allowing participants to enter even after the event has concluded. This can lead to funds being permanently locked in the contract and participants paying for an event that has already ended.

Vulnerability Details

// @audit - can be called after event is finished
function enterPeopleWhoLikeRam() public payable {
if (msg.value != entranceFee) {
revert Dussehra__NotEqualToEntranceFee();
}
if (peopleLikeRam[msg.sender] == true){
revert Dussehra__AlreadyPresent();
}
peopleLikeRam[msg.sender] = true;
WantToBeLikeRam.push(msg.sender);
ramNFT.mintRamNFT(msg.sender);
emit PeopleWhoLikeRamIsEntered(msg.sender);
}

Dussehra::enterPeopleWhoLikeRam function allows anyone to enter the event and mint Ram NFT for entrance fee. Problem arises because function does not have any limitations when it can be called, so people could enter event even after it's finished and all funds will be stuck forever in contract. Also people could think they entered the event but then realize event is finished and their money is wasted.

  1. Two players mint their Ram NFTs.

  2. Organiser calls ChoosingRam::selectRamIfNotSelected function and selects one of player as selected Ram.

  3. Random caller calls Dussehra::killRavana function to kill Ravana.

  4. Selected Ram calls Dussehra::withdraw function to withdraw his reward. Event is finished.

  5. Warp into future. Player3 can still enter the event by calling Dussehra::enterPeopleWhoLikeRam function.

  6. Assert that player3 spent money for entrance fee.

PoC

Place the following test into Dussehra.t.sol.

function test_peopleCanEnterAfterEventIsFinished() public participants {
vm.warp(1728691200 + 1);
vm.prank(organiser);
choosingRam.selectRamIfNotSelected();
dussehra.killRavana();
vm.prank(choosingRam.selectedRam());
dussehra.withdraw();
uint256 balanceBefore = address(dussehra).balance;
vm.warp(1730000000);
vm.deal(player3, 1 ether);
vm.prank(player3);
dussehra.enterPeopleWhoLikeRam{value: 1 ether}();
assertTrue(address(dussehra).balance == balanceBefore + 1 ether);
}

Impact

When participants enter the event after event is finished, funds will be stuck forever in contract. Also it would confuse people because they could think they entered the event correctly but then realize event is finished and they can't be selected Ram.

Tools Used

Manual review

Recommendations

Add modifier RamIsNotSelected to Dussehra::enterPeopleWhoLikeRam function to prevent that function can be called after event is finished.

+ modifier RamIsNotSelected() {
+ require(!choosingRamContract.isRamSelected(), "Ram is already selected!");
+ _;
+ }
.
.
- function enterPeopleWhoLikeRam() public payable {
+ function enterPeopleWhoLikeRam() public payable RamIsNotSelected {
if (msg.value != entranceFee) {
revert Dussehra__NotEqualToEntranceFee();
}
if (peopleLikeRam[msg.sender] == true){
revert Dussehra__AlreadyPresent();
}
peopleLikeRam[msg.sender] = true;
WantToBeLikeRam.push(msg.sender);
ramNFT.mintRamNFT(msg.sender);
emit PeopleWhoLikeRamIsEntered(msg.sender);
}
Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Invalid - enter people after event or after Ram is selected

It is the user's responsibility to check the date of the event.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.