Christmas Dinner
First Flight #31
Beginner FriendlyFoundrySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

Deadline can be reset at any time by host

jimpixjed

Summary

We never set the value of the deadlineSet to true, so setDeadline function can be called unlimited amount of times by host.

Vulnerability Details

In the code logic for the setDeadline function we have a check that we do not want to change the deadline for the event if it was already set. But we never end up setting the value of the deadlineSet varaible to true, so the host can change the deadline unlimited amount of times

function setDeadline(uint256 _days) external onlyHost {
if (deadlineSet) {
revert DeadlineAlreadySet();
} else {
deadline = block.timestamp + _days * 1 days;
emit DeadlineSet(deadline);
}
}

Impact

The deadline can be constantly changed when it is expected to already be passed. If this is done an user can refund his/her balance that is sent to the contract. Also an user can chang their status to participant in that case.

Tools Used

  • Manual Review

Recommendations

Set the value of the deadlineSetvaraible to true the first them when the setDeadLine function is called.

function setDeadline(uint256 _days) external onlyHost {
if (deadlineSet) {
revert DeadlineAlreadySet();
} else {
deadline = block.timestamp + _days * 1 days;
// We aknowledge that the deadline is set
deadlineSet = true;
emit DeadlineSet(deadline);
}
}
Updates

Lead Judging Commences

0xtimefliez Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

deadline is never set to true

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!