Submission Details
Severity:
User can deposit ether using the `ChristmasDinner::deposit` function.
Summary
A user can deposit ether using the `ChristmasDinner::deposit` function, in the deposit function, from the netspac: `Does not allow signing up with Ether, for Ether signups use receive()`. This would interupt the functionality of the protocol.
Vulnerability Details
Add the following to the test suite and run `forge test --mt ChristmasDinner::deposit -vvv`
```javascript
function test_depositEtherUsingDepositFunction() public {
vm.warp(1 + 3 days);
vm.startPrank(user1);
//depositng weth
cd.deposit(address(weth), 1e18);
assertEq(weth.balanceOf(user1), 1e18);
assertEq(weth.balanceOf(address(cd)), 1e18);
console.log("weth deposited");
vm.stopPrank();
}
```
Impact
A user can sign up with ether, using the ChristmasDinner::deposit, which shouldn't be done, following the natspec instruction.
Tools Used
foundry, manual analysis
Recommendations
Include a check in the deposit function that reverts if the token is weth.
```diff
+ if(_token == address(i_WETH)){
+ revert canOnlyDepositWethUsingRecieve();
+ }
```
Rewards breakdown
nSLOC
129This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.