Christmas Dinner

First Flight #31
Beginner Friendly, Foundry, Solidity
100 EXP
Submission Details
Severity: medium
Valid

Improper implementation of refund function.

Summary

A participant can still join the event even after getting his deposit refunded: there is no code in the refund function that removes the participant from the event.

Vulnerability Details

In the `refund()` function of `ChristmasDinner.sol` there is no logic to remove the participant from the event.

```solidity
function refund() external nonReentrant beforeDeadline {
    address payable _to = payable(msg.sender);
    _refundERC20(_to);
    _refundETH(_to);
    emit Refunded(msg.sender);
}
```

PoC:

  1. The attacker participates by depositing a token.

  2. He then calls the refund function and gets his token back, but he is still able to participate because `participant[msg.sender]` is still `true`.
    The following Foundry test shows this:

```solidity
function test_refundWithinDeadline() public {
    uint256 depositAmount = 1e18;
    uint256 userBalanceBefore = weth.balanceOf(user1);
    vm.startPrank(user1);
    cd.deposit(address(weth), depositAmount);
    assertEq(weth.balanceOf(address(cd)), depositAmount);
    assertEq(weth.balanceOf(user1), userBalanceBefore - depositAmount);
    vm.warp(1 + 3 days);
    cd.refund();
    assertEq(weth.balanceOf(address(cd)), 0);
    assertEq(weth.balanceOf(user1), userBalanceBefore);
    assertEq(cd.getParticipationStatus(user1), true);
}
```

The line `assertEq(cd.getParticipationStatus(user1), true)` asserts that the participant can still participate after being refunded.

Impact

There is a direct loss of funds because the attacker can join the event free of charge.

Tools Used

Manual review and Foundry

Recommendations

Adding the following line to the refund function will cancel the participant's joining of the event by setting `participant[msg.sender]` to false.

```solidity
participant[msg.sender] = false;
```

Updates
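A hardened version of the refund path, as an added example (not the project's code): it models the deposit/refund flow with an assumed storage layout and resets `participant[msg.sender]` before any transfer, so a refunded address is no longer a participant.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Minimal stand-in for the deposit/refund flow (assumed layout, not the audited contract).
contract RefundModel {
    using SafeERC20 for IERC20;
    mapping(address => bool) public participant;
    mapping(address => mapping(address => uint256)) public balances; // user => token => amount
    mapping(address => uint256) public etherBalance;
    uint256 public immutable deadline;

    constructor(uint256 _deadline) { deadline = _deadline; }

    modifier beforeDeadline() { require(block.timestamp < deadline, "past deadline"); _; }

    function deposit(address token, uint256 amount) external beforeDeadline {
        participant[msg.sender] = true;
        balances[msg.sender][token] += amount;
        IERC20(token).safeTransferFrom(msg.sender, address(this), amount);
    }

    function depositETH() external payable beforeDeadline {
        participant[msg.sender] = true;
        etherBalance[msg.sender] += msg.value;
    }

    // Hardened refund: participation status and balances are cleared before any
    // transfer (checks-effects-interactions), so a refunded address is no longer
    // a participant and cannot be refunded twice even without nonReentrant.
    function refund(address token) external beforeDeadline {
        require(participant[msg.sender], "not a participant");
        participant[msg.sender] = false; // the line missing from the audited refund()
        uint256 erc = balances[msg.sender][token];
        uint256 eth = etherBalance[msg.sender];
        balances[msg.sender][token] = 0;
        etherBalance[msg.sender] = 0;
        if (erc > 0) IERC20(token).safeTransfer(msg.sender, erc);
        if (eth > 0) {
            (bool ok, ) = msg.sender.call{value: eth}("");
            require(ok, "ETH refund failed");
        }
    }

    function getParticipationStatus(address u) external view returns (bool) { return participant[u]; }
}
```

A Foundry test against this model should assert `getParticipationStatus(user1) == false` after `refund`, the inverse of the final assertion in the PoC above.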

Lead Judging Commences

0xtimefliez Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

refund does not update participation status
