First Flight #17: Dussehra
First Flight #17
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

The `Dussehra::killRavana` function is not called.

_frolic

Summary

If the Dussehra::killRavana function is not called during the Mahurat all the funds in the contract will be stuck.

Vulnerability Details

The Dussehra::killRavana function can only be called during the Mahurat which means any call to it before or after the Mahurat will revert.

Code
function test_RavannaNotKilled() public Moreparticipants selectedRam {
vm.warp(1728777669 + 1);
vm.expectRevert(
abi.encodeWithSelector(Dussehra__MahuratIsFinished.selector)
);
vm.startPrank(player2);
dussehra.killRavana();
vm.stopPrank();
vm.expectRevert();
vm.startPrank(player3);
dussehra.withdraw();
vm.stopPrank();
}

Impact

If the Dussehra::killRavana function is not called and the Mahurat has ended then the ether in the contract will be stuck as the withdraw function only works if the Dussehra::killRavana function has been called.

Tools Used

Manual analysis

Recommendations

Add a backup withdraw fuction that can remove the funds from the contract if the Dussehra::killRavana function is not called.

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Invalid - `killRavana` is not called

The organizer is trusted and he/she will call the `killRavana` function.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.