Users who deposit Ether do not become participants
Summary
In the current implementation of the ChristmasDinner contract, users who deposit Ether through the receive() function are not automatically marked as participants. This issue arises because the receive() function does not call the logic that registers the user as a participant
Vulnerability Details
The contract contains a receive() function that handles Ether depositsр however, when Ether is sent to the contract, it does not trigger the participant registration logic, which is only triggered by ERC20 token deposits in the deposit() function. As a result, users who send Ether to the contract are not added to the participant mapping, meaning they are not recognized as participants in the event.
Impact
Users who deposit Ether into the contract will not automatically become participants. As a result, they will not be able to attend the event or interact with the event in any capacity. Additionally, these users will not have the ability to become hosts later, as the contract fails to register them as participants upon Ether deposit. This prevents them from fully engaging with the event and receiving any benefits associated with participation, including hosting privileges.
Tools Used
Manual code review
Recommendations
To fix this issue, the receive() function should include logic that marks users as participants when they deposit Ether.
Lead Judging Commences
receive does not update participation status
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.