Christmas Dinner
First Flight #31
Beginner FriendlyFoundrySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

Deadline not initialized

ognjenovicuros

Summary

The deadline is not set in the constructor during the creation of the contract so the deadlinevariable will have the default value for uint256, which is 0.

Vulnerability Details

The contract defines the deadlinevariable, which is the deadline until which attendees can sign up for dinner. However, since the variable is not set in the constructor, it will have the value 0 (default value for uint256). This vulnerability will break the logic of all the functions which implement the beforeDeadlinemodifier because the part of the code which checks the deadline will always revert:

if(block.timestamp > deadline) {
revert BeyondDeadline();
}

Impact

The vulnerability renders the deposit function unusable and doesn't let anyone join the dinner unless the host calls the setDeadlinefunction.

Tools Used

Manual inspection.

Recommendations

The deadlineshould be set in the constructor during the creation of the contract::

constructor (address _WBTC, address _WETH, address _USDC, uint256 _deadline) {
host = msg.sender;
deadline = _deadline;
i_WBTC = IERC20(_WBTC);
whitelisted[_WBTC] = true;
i_WETH = IERC20(_WETH);
whitelisted[_WETH] = true;
i_USDC = IERC20(_USDC);
whitelisted[_USDC] = true;
}

`

Updates

Lead Judging Commences

0xtimefliez Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!