Christmas Dinner
First Flight #31
Beginner FriendlyFoundrySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

[M-1] Missing deadline initialization check enables contract operation without timelock

jmakwana01

Summary

The contract can be used without ever setting a deadline, as there's no requirement to initialize the deadline before accepting deposits.

Vulnerability Details

function deposit(address _token, uint256 _amount) external beforeDeadline {
if(!whitelisted[_token]) {
revert NotSupportedToken();
}
// No check if deadline is set
// ...
}

The beforeDeadline modifier only checks block.timestamp > deadline, but when deadline is 0 (unset), this still allows deposits.

Impact

  • Medium: Contract can operate without time restrictions

  • Coordination mechanism becomes ineffective

  • Users might deposit without knowing the event timeline

Tools Used

  • Foundry for testing

  • Manual code review

function test_operateWithoutDeadline() public {
vm.startPrank(user1);
weth.mint(user1, 1 ether);
weth.approve(address(dinner), 1 ether);
// Can deposit without deadline set
dinner.deposit(address(weth), 1 ether);
// Verify deposit succeeded without deadline
assertEq(weth.balanceOf(address(dinner)), 1 ether);
vm.stopPrank();
}

Recommendations

Add deadline initialization check:

function deposit(address _token, uint256 _amount) external beforeDeadline {
require(deadlineSet, "Deadline not initialized");
// ... rest of function
}
Updates

Lead Judging Commences

0xtimefliez Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
0xtimefliez Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.