Severity: medium
Invalid

The `organizer` state variable in the `ThePredicter.sol` contract is mutable, allowing any user to change it after deployment of the contract.

Summary: The state variable `organizer` is not declared as immutable, hence it could be altered by any user after the deployment of the `ThePredicter.sol` contract. This change of organizer could have a devastating effect on the contract: `ThePredicter` would no longer be centralized and the users' money would be at risk.

Vulnerability Details: The following line of code in the `ThePredicter` contract:

https://github.com/Cyfrin/2024-07-the-predicter/blob/839bfa56fe0066e7f5610197a6b670c26a4c0879/src/ThePredicter.sol#L19

```solidity
address public organizer;
```

A mutable `organizer` variable would allow anyone to change the contract's organizer, violating the contract's fundamental properties.

Impact: Anyone can set/change the `organizer` of the contract after deployment, severely breaking the contract's intended functionality, and the funds in the contract can be stolen.

Tools Used: Manual Review

Recommendations: Changing the `address public organizer` state variable in the `ThePredicter.sol` contract to `address private immutable organizer` will prevent it from being modified after contract deployment.

Updates

Lead Judging Commences

NightHawK Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
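
A claim that a state variable can be changed by any user can be triaged by listing every function that assigns to it. The script below is an added example, not part of the submission or the contest code base: the Solidity sample, `write_sites` and `runtime_writers` are constructed for illustration. It is a regex-level check only and does not account for inherited contracts, modifiers or inline assembly.

```python
import re

# Constructed Solidity sample; NOT the contest's ThePredicter.sol.
SAMPLE = """
contract Example {
    address public organizer;
    uint256 public fee;

    constructor(uint256 _fee) {
        organizer = msg.sender;
        fee = _fee;
    }

    function setFee(uint256 _fee) external {
        fee = _fee;
    }

    function isOrganizer(address a) external view returns (bool) {
        return a == organizer;
    }
}
"""

# Header of a constructor or named function, up to its opening brace.
HEADER = re.compile(r"\b(constructor|function\s+(\w+))\s*\([^)]*\)[^{;]*\{")


def write_sites(source, var):
    """Return {function name: number of assignments to `var` in its body}."""
    # Plain or compound assignment to `var`; `==` comparisons are excluded.
    assign = re.compile(
        r"(?<![\w.])" + re.escape(var) + r"\s*(?:<<|>>|[-+*/%|&^])?=(?!=)")
    sites = {}
    for m in HEADER.finditer(source):
        name = m.group(2) or "constructor"
        depth, i = 1, m.end()
        while i < len(source) and depth:  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(source[i], 0)
            i += 1
        hits = len(assign.findall(source[m.end():i]))
        if hits:
            sites[name] = hits
    return sites


def runtime_writers(source, var):
    """Functions callable after deployment that assign to `var`."""
    return sorted(n for n in write_sites(source, var) if n != "constructor")
```

An empty result from `runtime_writers` means the sample has no post-deployment write path to that variable at source level; a non-empty result lists the functions whose access control needs review.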