Christmas Dinner

First Flight #31
Submission Details
Severity: medium
Valid

'refund()' leaves the participant's status TRUE

Summary

The refund() function in ChristmasDinner.sol does not remove the caller from the list of participants after returning their funds. This contradicts the expected behavior that a user who has requested a refund before the deadline should no longer be considered a participant.

Vulnerability Details

```solidity
function refund() external nonReentrant beforeDeadline {
    address payable _to = payable(msg.sender);
    _refundERC20(_to);
    _refundETH(_to);
    emit Refunded(msg.sender);
}
```

Currently, there is no state update that sets participant[msg.sender] to false. Consequently, the user remains a participant even though their deposited tokens and Ether have been returned to them.

POC

```solidity
function test_refundWithinDeadlineAndRemoveParticipation() public {
    uint256 depositAmount = 1e18;
    vm.startPrank(user1);
    cd.deposit(address(weth), depositAmount);
    // User is a participant
    assertEq(cd.getParticipationStatus(user1), true);
    // Move time forward but still before the deadline
    vm.warp(block.timestamp + 3 days);
    // Refund
    cd.refund();
    // Expect participant status to be false, but it remains true (test fails here)
    assertEq(cd.getParticipationStatus(user1), false);
    vm.stopPrank();
}
```

Running:

```
forge test --mt test_refundWithinDeadlineAndRemoveParticipation
```

fails with:

```
[FAIL: assertion failed: true != false]
```

Impact

**Users Remain Marked as Participants:** Conflicts with the contract's intended logic of removing attendees once they refund their deposits.

**Incorrect Contract State:** On-chain data is misleading, potentially affecting host decisions or other logic (like changing the host or total count of participants).

Tools Used

Manual review, Foundry

Recommendations

Set participant[msg.sender] to false in refund(). For example:

```solidity
function refund() external nonReentrant beforeDeadline {
    address payable _to = payable(msg.sender);
    _refundERC20(_to);
    _refundETH(_to);
    participant[msg.sender] = false; // Mark as non-participant
    emit Refunded(msg.sender);
}
```
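
The stale flag matters once other logic reads it, as the Impact section notes for host changes. The Foundry test below is an added example, not code from this submission or from ChristmasDinner.sol: `DinnerModel`, its `clearOnRefund` switch and its participant-gated `changeHost` are constructed for illustration, and the model covers ETH only, without the deadline and reentrancy modifiers.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";
// Constructed ETH-only model, NOT the project's contract (no deadline or ERC20 paths).
contract DinnerModel {
    address public host = msg.sender;
    mapping(address => bool) public participant;
    mapping(address => uint256) public etherBalance;
    bool immutable clearOnRefund; // false: reported behaviour, true: recommended fix
    constructor(bool _clearOnRefund) { clearOnRefund = _clearOnRefund; }
    receive() external payable {
        participant[msg.sender] = true;
        etherBalance[msg.sender] += msg.value;
    }
    function refund() external {
        uint256 amount = etherBalance[msg.sender];
        etherBalance[msg.sender] = 0; // effects before the external call
        if (clearOnRefund) participant[msg.sender] = false;
        (bool ok,) = msg.sender.call{value: amount}("");
        require(ok, "refund failed");
    }
    function changeHost(address newHost) external { // hypothetical participant-gated hand-over
        require(msg.sender == host, "not host");
        require(participant[newHost], "not a participant");
        host = newHost;
    }
}

contract RefundStatusTest is Test {
    address user = makeAddr("user");
    // Deploys a model, deposits 1 ether as `user`, then refunds it.
    function _refunded(bool clearStatus) internal returns (DinnerModel d) {
        d = new DinnerModel(clearStatus);
        vm.deal(user, 1 ether);
        vm.startPrank(user);
        (bool ok,) = address(d).call{value: 1 ether}("");
        assertTrue(ok);
        d.refund();
        vm.stopPrank();
    }
    function test_staleStatusPassesParticipantGate() public {
        DinnerModel d = _refunded(false);
        d.changeHost(user); // refunded user still counts as a participant
        assertEq(d.host(), user);
    }
    function test_clearedStatusFailsParticipantGate() public {
        DinnerModel d = _refunded(true);
        vm.expectRevert("not a participant");
        d.changeHost(user);
    }
}
```

Both tests pass: the first shows a fully refunded address still being accepted by a participant check, the second shows the same hand-over reverting once the flag is cleared in refund().
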
Updates

Lead Judging Commences

0xtimefliez Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

refund does not update participation status
