Christmas Dinner

First Flight #31
Beginner Friendly, Foundry, Solidity
100 EXP
Submission Details
Severity: medium
Valid

refund() does not Unregister Participant From Event

Summary

The refund() function lets a participant withdraw their deposited tokens and ETH while remaining registered for the party. As a result they can attend the party without having paid. The function should instead unregister the caller from the party as part of the refund process.

Vulnerability Details

function refund() external nonReentrant beforeDeadline { // @audit - reentrancy guard is present
    address payable _to = payable(msg.sender); // @audit should unregister the participant from the event here
    _refundERC20(_to);
    _refundETH(_to);
    emit Refunded(msg.sender);
}

Impact

A user can call deposit() to become a participant, then call refund() to recover the full deposit without being unregistered from the party, so the participant mapping still reports them as attending.

Tools Used

Manual Review

Recommendations

Refactor the refund() function so that it sets the caller's entry in the participant mapping to false when a participant calls refund(). See below:

function refund() external nonReentrant beforeDeadline {
    participant[msg.sender] = false; // @audit correction: unregister the participant before refunding
    address payable _to = payable(msg.sender);
    _refundERC20(_to);
    _refundETH(_to);
    emit Refunded(msg.sender);
}
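The following Foundry test is an added example written for this report; it is not code from the ChristmasDinner project. It uses a stripped-down stand-in contract (ETH deposits only, no ERC20 path, and its own nonReentrant/beforeDeadline modifiers, all of which are assumptions) with a constructor flag that switches between the vulnerable refund() shown in Vulnerability Details and the corrected one above. The two tests show that after a full refund the vulnerable version still reports the caller as a participant, while the corrected version does not.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Minimal stand-in for the ChristmasDinner contract (constructed for this
// example: ETH-only, no ERC20 refund path, simplified modifiers).
contract DinnerMinimal {
    mapping(address => bool) public participant;
    mapping(address => uint256) public etherBalance;
    uint256 public immutable deadline;
    bool public immutable fixedRefund; // false = vulnerable refund(), true = corrected refund()
    bool private locked;

    event Refunded(address indexed user);

    constructor(uint256 _deadline, bool _fixedRefund) {
        deadline = _deadline;
        fixedRefund = _fixedRefund;
    }

    modifier nonReentrant() {
        require(!locked, "reentrant");
        locked = true;
        _;
        locked = false;
    }

    modifier beforeDeadline() {
        require(block.timestamp < deadline, "deadline passed");
        _;
    }

    // Registers the caller as a participant and records their ETH deposit.
    function deposit() external payable beforeDeadline {
        require(msg.value > 0, "no value");
        participant[msg.sender] = true;
        etherBalance[msg.sender] += msg.value;
    }

    // Vulnerable path leaves participant[msg.sender] untouched; the corrected
    // path clears it before paying out, as the recommendation describes.
    function refund() external nonReentrant beforeDeadline {
        if (fixedRefund) {
            participant[msg.sender] = false;
        }
        address payable _to = payable(msg.sender);
        _refundETH(_to);
        emit Refunded(msg.sender);
    }

    function _refundETH(address payable _to) internal {
        uint256 amount = etherBalance[_to];
        etherBalance[_to] = 0;
        (bool ok, ) = _to.call{value: amount}("");
        require(ok, "refund failed");
    }
}

contract RefundUnregisterTest is Test {
    address alice = makeAddr("alice"); // constructed test account

    // Deposits 1 ether as alice, refunds, and returns whether alice is still
    // registered afterwards. Also checks the full deposit came back.
    function _depositThenRefund(bool fixedRefund) internal returns (bool) {
        DinnerMinimal dinner = new DinnerMinimal(block.timestamp + 1 days, fixedRefund);
        vm.deal(alice, 1 ether);
        vm.startPrank(alice);
        dinner.deposit{value: 1 ether}();
        dinner.refund();
        vm.stopPrank();
        assertEq(alice.balance, 1 ether, "full deposit should be returned");
        return dinner.participant(alice);
    }

    // Vulnerable version: refunded in full but still a registered participant.
    function test_vulnerableRefundKeepsParticipant() public {
        assertTrue(_depositThenRefund(false));
    }

    // Corrected version: refund also removes the caller from the party.
    function test_fixedRefundUnregisters() public {
        assertFalse(_depositThenRefund(true));
    }
}
```

Run with `forge test --match-contract RefundUnregisterTest` in a Foundry project that has forge-std installed. The first test passing is the finding itself: the contract has paid the caller back yet participant(alice) is still true.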
Updates

Lead Judging Commences

0xtimefliez Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

refund does not update participation status
