Christmas Dinner
First Flight #31
Beginner FriendlyFoundrySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

Participant status not updated when depositing ETH

marcoroccon

Description:
The participant mapping is only updated when user deposits a whitelisted ERC20 token. This does not happen when user sends ETH directly to the contract.

Impact:
This issue cause a double standard in managing the participation status between users that decide to join the dinner with whitelisted ERC20 tokens and users that send native ETH directly to the contract.

Tools Used:
Manual review

Proof of Concept:
Add the following test to ChristmasDinnerTest.t.sol, which will demonstrate the double standard when dealing with users with different kind of deposit. User1 deposits 1WETH and is automatically listed as participant, whereas User2 deposits 1ETH and is still listed as non participant.

function test_userListedAsParticipantWithERC20AndNotWithETH() public {
vm.startPrank(user1);
cd.deposit(address(weth), 1e18);
assertEq(cd.getParticipationStatus(user1), true);
vm.stopPrank();
address payable _cd = payable(address(cd));
vm.deal(user2, 10e18);
vm.prank(user2);
(bool sent,) = _cd.call{value: 1e18}("");
require(sent, "transfer failed");
assertEq(cd.getParticipationStatus(user2), false);
}

Recommended Mitigation:

  • Add the following line in the receive function, so that, upon receiving any amount of ETH from the user, their participation status is updated to true.

receive() external payable {
+ participant[msg.sender] = true;
etherBalance[msg.sender] += msg.value;
emit NewSignup(msg.sender, msg.value, true);
}
Updates

Lead Judging Commences

0xtimefliez Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

receive does not update participation status

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!