Incorrect Time check for Dussehra::killRavana()
Summary
According to the documentation, the selected ram should only be able to kill ravana after 12 October 2024 and before 13 October 2024. This translates to the timestamp 1728687600 for 12 October 2024 and 1728774000 for 13 October 2024. Which means it should be greater than 1728687600 and less than 1728774000 but the killRavana function uses block.timestamp > 1728777669 and block.timestamp < 1728691069. This means that the ram can only kill ravana after Sat Oct 12 2024 00:57:49 GMT+0100 and before Sun Oct 13 2024 01:01:09. This means the ram can actually kill ravana after 13 October 2024 and cannot kill ravana till after Sat Oct 12 2024 00:57:49.
Vulnerability Details
Function Affected: killRavana
Issue: Incorrect timestamp boundaries for the allowed timeframe.
Severity: High. The designated timeframe is critical for maintaining the event's integrity, and the incorrect timestamps could result in significant deviations from the expected behavior.
POC
The test below fails even thought it was called after october 12
Impact
Functional Integrity: The Ram may not be able to kill Ravana during the intended period, disrupting the event's expected flow and fairness.
Tools Used
Manual Review
Recommendations
Update the killRavana function to use the correct timestamp boundaries, ensuring the action is allowed only between 1728691200 and 1728777600.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.