Christmas Dinner
First Flight #31
Beginner FriendlyFoundrySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

'dealineSet' is never set to TRUE, allowing repeated deadline reset

chrissavov

Summary

deadlineSet in ChristmasDinner.sol is never actually set to true within setDeadline(), even though the code checks it to block multiple deadline assignments. This oversight allows the host to call setDeadline() repeatedly, effectively resetting the deadline multiple times.

Vulnerability Details

function setDeadline(uint256 _days) external onlyHost {
if(deadlineSet) {
revert DeadlineAlreadySet();
} else {
deadline = block.timestamp + _days * 1 days;
emit DeadlineSet(deadline);
}
}

The deadlineSet boolean exists to ensure the deadline can only be set once. However, because there is no deadlineSet = true in the function body, this check never becomes effective. Multiple calls to setDeadline() always succeed.

Impact

Repeated Deadline Changes: The host can repeatedly postpone or change the event deadline, undermining the contract’s central premise of a single, immutable planning date.
Business Logic Violation: Attendees might not trust the contract if the host can shift deadlines at will, reducing the credibility of the “no-backsies” approach.

Tools Used

Manual review, foundry

Recommendations

function setDeadline(uint256 _days) external onlyHost {
if(deadlineSet) {
revert DeadlineAlreadySet();
} else {
deadline = block.timestamp + _days * 1 days;
++ deadlineSet = true;
emit DeadlineSet(deadline);
}
}
Updates

Lead Judging Commences

0xtimefliez Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

deadline is never set to true

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!