Christmas Dinner
First Flight #31
Beginner FriendlyFoundrySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

M-02: `ChristmasDinner::deadline` can be set unlimited times

0xlasadie

Summary

The deadline of the protocol can be set for unlimited times as ChristmasDinner::deadlineSet is never set as True by ChristmasDinner::setDeadline().

Vulnerability Details

ChristmasDinner::setDeadline() does not update ChristmasDinner::deadlineSet to true after updating

function setDeadline(uint256 _days) external onlyHost {
if(deadlineSet) {
revert DeadlineAlreadySet();
} else {
deadline = block.timestamp + _days * 1 days;
emit DeadlineSet(deadline);
}
}

Impact

After deadline is set once, we can set it again to another timestamp

function testDeadlineCanBeSetMultipleTimes() public {
// Set deadline for the first time
vm.startPrank(deployer);
cd.setDeadline(1);
console.log("deadline: ", cd.deadline());
assertEq(cd.deadlineSet(), false, "deadlineSet is true");
// Set deadline for the second time
cd.setDeadline(2);
console.log("deadline: ", cd.deadline());
assertEq(cd.deadlineSet(), false, "deadlineSet is true");
vm.stopPrank();
}

Results

[PASS] testDeadlineCanBeSetMultipleTimes() (gas: 33254)
Logs:
deadline: 86401
deadline: 172801
Traces:
[33254] ChristmasDinnerTest::testDeadlineCanBeSetMultipleTimes()
├─ [0] VM::startPrank(deployer: [0xaE0bDc4eEAC5E950B67C6819B118761CaAF61946])
│ └─ ← [Return]
├─ [10831] ChristmasDinner::setDeadline(1)
│ ├─ emit DeadlineSet(: 86401 [8.64e4])
│ └─ ← [Stop]
├─ [363] ChristmasDinner::deadline() [staticcall]
│ └─ ← [Return] 86401 [8.64e4]
├─ [0] console::log("deadline: ", 86401 [8.64e4]) [staticcall]
│ └─ ← [Stop]
├─ [399] ChristmasDinner::deadlineSet() [staticcall]
│ └─ ← [Return] false
├─ [0] VM::assertEq(false, false, "deadlineSet is true") [staticcall]
│ └─ ← [Return]
├─ [1931] ChristmasDinner::setDeadline(2)
│ ├─ emit DeadlineSet(: 172801 [1.728e5])
│ └─ ← [Stop]
├─ [363] ChristmasDinner::deadline() [staticcall]
│ └─ ← [Return] 172801 [1.728e5]
├─ [0] console::log("deadline: ", 172801 [1.728e5]) [staticcall]
│ └─ ← [Stop]
├─ [399] ChristmasDinner::deadlineSet() [staticcall]
│ └─ ← [Return] false
├─ [0] VM::assertEq(false, false, "deadlineSet is true") [staticcall]
│ └─ ← [Return]
├─ [0] VM::stopPrank()
│ └─ ← [Return]
└─ ← [Stop]
Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 5.01s (891.26ms CPU time)

Tools Used

Foundry

Recommendations

Update the bool deadlineSet to True after setting the deadline

function setDeadline(uint256 _days) external onlyHost {
if(deadlineSet) {
revert DeadlineAlreadySet();
} else {
deadline = block.timestamp + _days * 1 days;
+ deadlineSet = true;
emit DeadlineSet(deadline);
}
}
Updates

Lead Judging Commences

0xtimefliez Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

deadline is never set to true

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!