Christmas Dinner

First Flight #31
Beginner Friendly, Foundry, Solidity
100 EXP
Submission Details
Severity: medium
Invalid

Hardcoded whitelisted tokens

Summary: The ChristmasDinner contract has a limitation regarding token whitelisting. The current implementation does not allow the host to update or modify the whitelist of accepted tokens, which reduces the contract's flexibility and usability.

Vulnerability Details: In the constructor, three tokens (WBTC, WETH, and USDC) are hardcoded and added to the whitelist. However, there is no mechanism for the host to update this list. This design choice prevents the addition of new tokens or the removal of existing ones, creating a rigid system that cannot adapt to changing requirements, which might ignore people who are willing to participate but don't have a whitelisted token at that time. Thus, we can make the dinner invite more scalable and flexible.

Impact:

  • Inflexibility: The host cannot add or remove tokens to support new use cases or adapt to unforeseen requirements.

  • Reduced Utility: The inability to support additional tokens limits the contract’s applicability for diverse payment scenarios.

Tools Used: manual

Recommendations: Implement a function to allow the host to update the whitelist of tokens dynamically. The function should be restricted to the onlyHost modifier to ensure only the host can execute it.



```solidity
// Host-only setter: _status = true whitelists the token, false removes it.
function updateWhitelist(address _token, bool _status) external onlyHost {
    whitelisted[_token] = _status;
}
```
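A fuller sketch of the recommended setter, added here as an example; it is not the submitter's code and not the ChristmasDinner source. Only `whitelisted`, `onlyHost` and `updateWhitelist` come from the submission. The contract name, the `host` variable, the constructor argument, the custom errors and the event are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative only: a minimal stand-in for the whitelist part of the contract.
/// Storage layout and constructor are assumed, not taken from ChristmasDinner.
contract WhitelistSketch {
    error NotHost();
    error ZeroAddress();
    error StatusUnchanged();

    /// Emitted on every change so participants can monitor host actions off-chain.
    event WhitelistUpdated(address indexed token, bool status);

    address public host; // assumed: set once at deployment
    mapping(address => bool) public whitelisted;

    modifier onlyHost() {
        if (msg.sender != host) revert NotHost();
        _;
    }

    /// The initial tokens are passed in instead of being hardcoded.
    constructor(address[] memory initialTokens) {
        host = msg.sender;
        for (uint256 i = 0; i < initialTokens.length; ++i) {
            _setWhitelisted(initialTokens[i], true);
        }
    }

    /// Host-only entry point with the signature the submission recommends.
    function updateWhitelist(address _token, bool _status) external onlyHost {
        _setWhitelisted(_token, _status);
    }

    /// Shared path: rejects the zero address and no-op updates, then logs the change.
    /// A removal should only gate new deposits; any path that returns funds
    /// already deposited must not depend on `whitelisted`.
    function _setWhitelisted(address token, bool status) private {
        if (token == address(0)) revert ZeroAddress();
        if (whitelisted[token] == status) revert StatusUnchanged();
        whitelisted[token] = status;
        emit WhitelistUpdated(token, status);
    }
}
```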

Updates

Lead Judging Commences

0xtimefliez Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice

Appeal created

prathu032 Submitter
about 1 year ago
0xtimefliez Lead Judge
about 1 year ago
0xtimefliez Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
