Christmas Dinner

First Flight #31
Beginner FriendlyFoundrySolidity
100 EXP
View results
Submission Details
Severity: low
Valid

Non-Participant Users With No Funding History Can Change To Participants

Summary

Any user can become a participant of an event even without having sent funding to the contract.

Vulnerability Details

Users can only become participants of an event after they have sent funding through the ChristmasDinner::deposit function.

Existing participants can change to non-participants/generous funders by calling ChristmasDinner::changeParticipationStatus function.

If function is called by a !participant user, they are automatically added as participant.

Vulnerability exists in the second conditional branh of the if statement:

function changeParticipationStatus() external {
if (participant[msg.sender]) {
participant[msg.sender] = false;
} else if (!participant[msg.sender] && block.timestamp <= deadline) {
participant[msg.sender] = true;
} else {
revert BeyondDeadline();
}
emit ChangedParticipation(msg.sender, participant[msg.sender]);
}

Impact

Non participants without having sent any funding can become a participant, undermining the requirement to send funding to become a participant.

Proof Of Code

Add this test to ChristmasDinnerTest.t.s cccc

function testNonParticipantCanChangeStatusToTrue() public {
// Users enter event
vm.startPrank(user2);
cd.deposit(address(weth), 1e18);
vm.stopPrank();
// change non existent participant to true
// Only one user has entered - user2
vm.startPrank(user1);
cd.getParticipationStatus(user1);
cd.changeParticipationStatus();
vm.stopPrank();
cd.getParticipationStatus(user1);
assertEq(cd.getParticipationStatus(user1), true);
}

Tools Used

Manual review

Recommendations

Add checks to `ChristmasDinner::changeParticipationStatus` function to ensure if !participant then they must have sent funding for status to be set to true.

Updates

Lead Judging Commences

0xtimefliez Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

usage of change participation logic circumvents deposit

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.