Christmas Dinner

First Flight #31
Beginner Friendly, Foundry, Solidity
100 EXP
Submission Details
Severity: medium
Valid

Deadline Manipulation by Host

Summary

The setDeadline() function allows the host to reset the deadline even after it has been set, due to a missing state update (deadlineSet = true).

Vulnerability Details

- The contract checks if the deadline is already set using deadlineSet, but the state is never updated to true once the deadline is set.
- This allows the host to reset the deadline multiple times, breaking the assumption that the deadline is immutable after being set.
- This could be used to unfairly manipulate the event by changing the deadline at will.

Impact

- The host can repeatedly change the deadline, potentially causing unfair access or blocking participation after users have committed funds.
- It breaks the core trust assumption of the contract, where the rules should be immutable once set.

Tools Used

Code review.

Recommendations

- Ensure deadlineSet = true is set once the deadline is defined.
- Make the deadline immutable once it is set by adding a modifier or a state check.
- Implement a mechanism to prevent any further changes to the deadline after it’s been set, ensuring fair participation.
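
The missing update and the first recommendation, side by side, as an added sketch that is not the contest's contract. Only setDeadline() and deadlineSet come from the finding; the contract names, host, onlyHost, the error, the event and the day-based parameter are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal sketch, not the contest contract: every name except
// setDeadline() and deadlineSet is assumed for illustration.
abstract contract DinnerBase {
    address public immutable host;
    uint256 public deadline;
    bool public deadlineSet;

    error NotHost();
    error DeadlineAlreadySet();
    event DeadlineSet(uint256 newDeadline);

    constructor() {
        host = msg.sender;
    }

    modifier onlyHost() {
        if (msg.sender != host) revert NotHost();
        _;
    }
}

// Pattern described in the finding: the guard reads deadlineSet,
// but nothing ever writes it, so the revert is unreachable.
contract DinnerVulnerable is DinnerBase {
    function setDeadline(uint256 daysFromNow) external onlyHost {
        if (deadlineSet) revert DeadlineAlreadySet();
        deadline = block.timestamp + daysFromNow * 1 days;
        emit DeadlineSet(deadline);
    }
}

// Hardened form: flip the flag in the same call that stores the deadline,
// so a second call from the host reverts with DeadlineAlreadySet.
contract DinnerFixed is DinnerBase {
    function setDeadline(uint256 daysFromNow) external onlyHost {
        if (deadlineSet) revert DeadlineAlreadySet();
        deadlineSet = true; // the missing state update
        deadline = block.timestamp + daysFromNow * 1 days;
        emit DeadlineSet(deadline);
    }
}
```

A Foundry regression test for the fix calls setDeadline() twice as the host and wraps the second call in vm.expectRevert; against DinnerVulnerable that test fails because the second call succeeds.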

Updates

Lead Judging Commences

0xtimefliez Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

deadline is never set to true
