Christmas Dinner

First Flight #31
Beginner Friendly, Foundry, Solidity
100 EXP
Submission Details
Severity: medium
Valid

Ether Can Be Deposited After Deadline

Location

receive() external payable {
    etherBalance[msg.sender] += msg.value;
    emit NewSignup(msg.sender, msg.value, true);
}

Issue
Unlike the deposit() function for ERC20 tokens, which checks beforeDeadline, the receive() function for Ether does not verify the current timestamp. This allows users to deposit Ether even after the deadline has passed.

Root Cause

  • The receive() fallback function lacks the beforeDeadline modifier or any equivalent deadline check.

Potential Impact

  • The contract logic states that deposits and refunds should not happen after the deadline. However, Ether deposits will remain possible, conflicting with the intended logic and potentially allowing late joiners or undesired behaviors.

Recommendation

  • Enforce the beforeDeadline logic in the receive() function. For instance:

    receive() external payable {
        require(block.timestamp <= deadline, "BeyondDeadline");
        etherBalance[msg.sender] += msg.value;
        emit NewSignup(msg.sender, msg.value, true);
    }
  • If accepting Ether after the deadline is intentional, state so in the documentation. Otherwise, ensure consistency with the rest of the design.
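
A Foundry regression test for the recommended check, added here as an example and not taken from the audited code base. `DinnerSignup` is a hypothetical minimal stand-in for the contract: its constructor, the `NewSignup` event signature and the 7-day window are assumptions, and the deadline check is placed in a shared `beforeDeadline` modifier so the Ether path cannot drift from the ERC20 path.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for the audited contract: only the Ether deposit
// path and the deadline are modelled. All names here are assumptions.
contract DinnerSignup {
    uint256 public immutable deadline;
    mapping(address => uint256) public etherBalance;
    event NewSignup(address indexed user, uint256 amount, bool isEther);
    constructor(uint256 _deadline) { deadline = _deadline; }

    // One modifier shared by every deposit path keeps the checks consistent.
    modifier beforeDeadline() {
        require(block.timestamp <= deadline, "BeyondDeadline");
        _;
    }

    receive() external payable beforeDeadline {
        etherBalance[msg.sender] += msg.value;
        emit NewSignup(msg.sender, msg.value, true);
    }
}

contract DeadlineTest is Test {
    DinnerSignup internal dinner;
    address internal alice;

    function setUp() public {
        alice = makeAddr("alice");
        dinner = new DinnerSignup(block.timestamp + 7 days);
        vm.deal(alice, 2 ether);
    }

    // Sends 1 ether as alice via a plain transfer, which hits receive().
    function _send() internal returns (bool ok) {
        vm.prank(alice);
        (ok,) = address(dinner).call{value: 1 ether}("");
    }

    function test_EtherAcceptedUpToDeadline() public {
        vm.warp(dinner.deadline()); // boundary: timestamp == deadline
        assertTrue(_send());
        assertEq(dinner.etherBalance(alice), 1 ether);
    }

    function test_EtherRejectedAfterDeadline() public {
        vm.warp(dinner.deadline() + 1);
        assertFalse(_send());
        assertEq(dinner.etherBalance(alice), 0);
    }
}
```

Removing `beforeDeadline` from `receive()` makes `test_EtherRejectedAfterDeadline` fail, which is the behaviour this finding reports.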

Updates

Lead Judging Commences

0xtimefliez Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

receive() function independent from deadline
