Christmas Dinner

Summary

In the ChristmasDinner contract, the deadlineSet variable is not updated to true after the setDeadline function is called. This allows the host to repeatedly call the setDeadline function and modify the deadline, undermining the intended one-time restriction on setting a deadline.

Vulnerability Details

The ChristmasDinner contract contains a flaw in the setDeadline function, where the deadlineSet variable is not properly updated to true after the deadline is set. This failure allows the host to repeatedly call the setDeadline function and modify the deadline without restriction, bypassing the intended one-time limit. As a result, the contract's functionality can be manipulated by the host, enabling them to arbitrarily extend or change the deadline, which could lead to unfair advantages and potential misuse of the contract by the host.

Impact

Integrity of the Contract: This issue compromises the contract’s integrity, as the deadline should be set once and remain fixed. Repeated changes could lead to unpredictable behavior and potentially disrupt the fairness of the system, also if the host deside he can make the contract to 0 days and to the current timestamp making the contract unusable and drainig everything.

Arbitrary Deadline Manipulation: The host can repeatedly reset the deadline, allowing them to extend or alter the deadline as they wish, which undermines the intended logic of the contract.

Potential for Abuse: The ability to manipulate the deadline opens the door for unfair advantages, as the host can delay or change the deadline to suit their own needs, possibly disadvantaging participants who are unaware of the changes.

Tools Used

Manual code review

Recommendations

This update will ensure that once the deadline is set, it cannot be changed again because deadlineSet will be true, and any further attempts to set the deadline will be reverted.