Submission Details
Severity:
`RamIsSelected` modifier could held the `killRavana()`
Summary
Unless the organizer use the function selectRamIfNotSelcted() No one can kill Ravana.
Vulnerability Details
As we see in Dussehra.sol::killRavana() it checks wether isRamSelected is true or false.
function killRavana() public RamIsSelected {
if (block.timestamp < 1728691069) {
revert Dussehra__MahuratIsNotStart();
}
if (block.timestamp > 1728777669) {
revert Dussehra__MahuratIsFinished();
}
IsRavanKilled = true;
uint256 totalAmountByThePeople = WantToBeLikeRam.length * entranceFee;
totalAmountGivenToRam = (totalAmountByThePeople * 50) / 100;
(bool success, ) = organiser.call{value: totalAmountGivenToRam}("");
require(success, "Failed to send money to organiser");
}
The only function that can modify this bool is the selectRamIfNotSelected(), which need to be called by the organizer.
Impact
Player couldn't kill the Ravana and can't get reward.
Tools Used
Manual Analysis
Recommendations
Can add modifier to check selectedRam != address(0) to ensure ram is selected and use that instead of the isRamSelected bool.
Updates
Lead Judging Commences
bube over 1 year ago
Submission Judgement Published Assigned finding tags:
`isRamSelected` is not set
Rewards breakdown
nSLOC
218This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.