Dussehra::killRavana does not check whether it has already been called, allowing a malicious organiser to call the function twice and drain the contract.
Dussehra::killRavana never checks whether IsRavanKilled is already set to true before paying out, so killRavana can be called repeatedly.
Add the following test case to Dussehra.t.sol:
Then, run the test:
Since killRavana can be called multiple times, the organiser can receive more ETH than they are entitled to.
For example, say 100 people have entered the event and each paid an entranceFee of 1 ether. 100 ether is in the contract: 50 ether is intended for the organiser and the other 50 ether for the selectedRam. Once ChoosingRam::selectRamIfNotSelected has been called, a subsequent killRavana call is required. The following scenario is then possible:
On the first call:
totalAmountByThePeople = 100 (WantToBeLikeRam.length) * 1 ether (entranceFee) = 100 ether
totalAmountGivenToRam = (100 ether * 50) / 100 = 50 ether
organiser is then sent totalAmountGivenToRam (50 ether)
50 ether remains in the contract
Since no check exists to see whether this has already happened, on a second call:
totalAmountByThePeople = 100 (WantToBeLikeRam.length) * 1 ether (entranceFee) = 100 ether
totalAmountGivenToRam = (100 ether * 50) / 100 = 50 ether
organiser is again sent totalAmountGivenToRam (50 ether)
0 ether remains in the contract
Now, when the selectedRam calls withdraw, the contract no longer holds enough ether to fulfil the withdrawal, and the Ram's 50 ether share cannot be paid.
Manual Review
killRavana should check whether IsRavanKilled is already true and revert if so, before setting the flag and sending any ETH to the organiser, so that the payout can happen at most once.
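The missing check, the drain scenario from the impact section and the recommended fix, shown side by side as an added example. This is not the contest's Dussehra.sol or Dussehra.t.sol: only the names the finding uses (entranceFee, organiser, WantToBeLikeRam, IsRavanKilled, selectedRam, totalAmountGivenToRam) and the 50/50 split are taken from the finding; the contract name DussehraLike, the constructor, enterPeopleWhoLikeRam, setSelectedRam (a stand-in for ChoosingRam::selectRamIfNotSelected), the withdraw body and the Foundry tests are assumptions written for this illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Added illustration, not the contest's Dussehra.sol. Names taken from the
// finding: entranceFee, organiser, WantToBeLikeRam, IsRavanKilled, selectedRam,
// totalAmountGivenToRam. Everything else below is assumed.
contract DussehraLike {
    error Dussehra__NotEqualToEntranceFee();
    error Dussehra__RavanAlreadyKilled();
    error Dussehra__NotRam();

    uint256 public immutable entranceFee;
    address public immutable organiser;
    address[] public WantToBeLikeRam;
    address public selectedRam;
    bool public IsRavanKilled;
    uint256 public totalAmountGivenToRam;

    constructor(uint256 _entranceFee, address _organiser) {
        entranceFee = _entranceFee;
        organiser = _organiser;
    }

    function enterPeopleWhoLikeRam() external payable {
        if (msg.value != entranceFee) revert Dussehra__NotEqualToEntranceFee();
        WantToBeLikeRam.push(msg.sender);
    }

    // Assumed stand-in for ChoosingRam::selectRamIfNotSelected.
    function setSelectedRam(address ram) external { selectedRam = ram; }

    // Shape described in the finding: IsRavanKilled is written but never
    // read, so every call pays the organiser another 50% of the pot.
    function killRavanaVulnerable() external {
        IsRavanKilled = true;
        _payOrganiser();
    }

    // Hardened: check the flag, then set it, before any value leaves.
    function killRavana() external {
        if (IsRavanKilled) revert Dussehra__RavanAlreadyKilled();
        IsRavanKilled = true;
        _payOrganiser();
    }

    function _payOrganiser() internal {
        uint256 totalAmountByThePeople = WantToBeLikeRam.length * entranceFee;
        totalAmountGivenToRam = (totalAmountByThePeople * 50) / 100;
        (bool ok,) = organiser.call{value: totalAmountGivenToRam}("");
        require(ok, "Failed to send money to organiser");
    }

    // Ram's share is paid from whatever balance is left in the contract.
    function withdraw() external {
        if (msg.sender != selectedRam) revert Dussehra__NotRam();
        require(IsRavanKilled, "Ravan not killed yet");
        uint256 amount = totalAmountGivenToRam;
        totalAmountGivenToRam = 0;
        (bool ok,) = msg.sender.call{value: amount}("");
        require(ok, "Failed to send money to Ram");
    }
}

contract DussehraLikeTest is Test {
    DussehraLike d;
    address organiser = makeAddr("organiser");
    address ram = makeAddr("ram");

    // Constructed setup: 100 entrants at 1 ether each, 100 ether in the pot.
    function setUp() public {
        d = new DussehraLike(1 ether, organiser);
        for (uint256 i = 0; i < 100; i++) {
            address p = address(uint160(0x1000 + i));
            vm.deal(p, 1 ether);
            vm.prank(p);
            d.enterPeopleWhoLikeRam{value: 1 ether}();
        }
        d.setSelectedRam(ram);
    }

    function test_doubleKillDrainsRamShare() public {
        d.killRavanaVulnerable();
        d.killRavanaVulnerable();
        assertEq(organiser.balance, 100 ether);
        assertEq(address(d).balance, 0);
        vm.prank(ram);
        vm.expectRevert("Failed to send money to Ram"); // 50 ether owed, 0 left
        d.withdraw();
    }

    function test_hardenedSecondKillReverts() public {
        d.killRavana();
        vm.expectRevert(DussehraLike.Dussehra__RavanAlreadyKilled.selector);
        d.killRavana();
        vm.prank(ram);
        d.withdraw();
        assertEq(ram.balance, 50 ether);
        assertEq(organiser.balance, 50 ether);
    }
}
```

Run with `forge test --match-contract DussehraLikeTest -vv` in a Foundry project that has forge-std installed. The first test reproduces the drain: two calls to the unchecked function move the whole 100 ether to the organiser and the Ram's withdraw fails on the empty contract. The second test shows the fix: the flag is read before it is written, so the second kill reverts and the Ram still receives their 50 ether.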