Christmas Dinner

First Flight #31
Beginner Friendly, Foundry, Solidity
100 EXP
Submission Details
Severity: medium
Valid

The user deposits ETH, but their participant status remains false.

Summary

Although the user has deposited ETH, the system does not update their status to "participant."

Vulnerability Details

https://github.com/Cyfrin/2024-12-christmas-dinner/blob/9682dcc306db935a2511e1eb8280d17ef01e9004/src/ChristmasDinner.sol#L205-L209

receive() external payable {
    etherBalance[msg.sender] += msg.value;
    emit NewSignup(msg.sender, msg.value, true);
}

This function accepts ETH but does not update the sender's participant status, violating the contract's intended rules.

Impact

As a result, a legitimate user who deposits ETH does not have their participation status changed to true, which severely impacts the functionality of the contract.

Tools Used

Manual Review

Recommendations

Add logic to the receive() function that updates the user's participation status:

receive() external payable {
    etherBalance[msg.sender] += msg.value;
    participant[msg.sender] = true;
    emit NewSignup(msg.sender, msg.value, true);
}
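
A Foundry test that reproduces the finding and checks the recommended fix, added here as an example and not taken from the submission or the ChristmasDinner repository. DinnerModel is a hypothetical reduced contract holding only the two mappings and the receive() shown above; the NewSignup parameter types and the public visibility of the mappings are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical reduced model: only the state touched by receive() in the report.
contract DinnerModel {
    mapping(address => uint256) public etherBalance;
    mapping(address => bool) public participant;
    event NewSignup(address indexed user, uint256 amount, bool status); // types assumed

    // Behaviour as reported: balance credited, participant flag untouched.
    receive() external payable virtual {
        etherBalance[msg.sender] += msg.value;
        emit NewSignup(msg.sender, msg.value, true);
    }
}

// Same model with the recommended one-line fix applied.
contract DinnerModelFixed is DinnerModel {
    receive() external payable override {
        etherBalance[msg.sender] += msg.value;
        participant[msg.sender] = true;
        emit NewSignup(msg.sender, msg.value, true);
    }
}

contract ReceiveStatusTest is Test {
    address user = makeAddr("user"); // constructed test account

    function setUp() public {
        vm.deal(user, 2 ether);
    }

    // Plain ETH transfer with empty calldata, which routes to receive().
    function _deposit(address payable target) internal {
        vm.prank(user);
        (bool ok,) = target.call{value: 1 ether}("");
        assertTrue(ok, "transfer failed");
    }

    function test_OriginalCreditsBalanceButLeavesStatusFalse() public {
        DinnerModel d = new DinnerModel();
        _deposit(payable(address(d)));
        assertEq(d.etherBalance(user), 1 ether);
        assertFalse(d.participant(user)); // event said true, storage says false
    }

    function test_FixedSetsStatusOnDeposit() public {
        DinnerModelFixed d = new DinnerModelFixed();
        _deposit(payable(address(d)));
        assertEq(d.etherBalance(user), 1 ether);
        assertTrue(d.participant(user));
    }
}
```

Run with `forge test --match-contract ReceiveStatusTest`; both tests pass, the first by confirming the reported behaviour and the second by confirming the fix.
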
Updates

Lead Judging Commences

0xtimefliez Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

receive does not update participation status
