Submission Details
Severity:
ETH Deposits Don't Update Participation Status
Summary
Users depositing ETH are not marked as participants.
Vulnerability Details
// @audit no status update on the participants
receive() external payable {
etherBalance[msg.sender] += msg.value;
emit NewSignup(msg.sender, msg.value, true);
}
In the receive()there is no status update on the participants.
Impact
Users depositing ETH won't be properly tracked as participants despite contributing funds. Users who deposited with the ETH will think they are part of the dinner but actually because of the bug in the receive()they are not. And also, even if they won't a refund, they won't be eligible since the refund()checks if the msg.senderis a participant which they are not.
Tools Used
Manual review
Recommendations
Users who deposit with ETH should be updated as participants in the receive()
receive() external payable {
etherBalance[msg.sender] += msg.value;
@-> participant[msg.sender] = true;
emit NewSignup(msg.sender, msg.value, true);
}
Updates
Lead Judging Commences
0xtimefliez about 1 year ago
Submission Judgement Published Assigned finding tags:
receive does not update participation status
Rewards breakdown
nSLOC
129This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.