Submission Details
Severity:
The host can withdraw all the funds without waiting for the deadline. In this case, users will not be able to withdraw their funds if they no longer wish to participate.
Description: At function refund(), participant can refund before deadline. But the host can withdraw all the funds without waiting for the deadline. Therefore, after the host withdraws the funds, users will no longer be able to refund their money, leading to a loss of funds for the users.
Impact: User may loss of funds after host withdraw all funds before deadline/
Recommended Mitigation: Add check deadline before host withdraw
function withdraw() external onlyHost { // q Do the host needs to wait for the deadline?
+ require(block.timestamp > deadline, "Cannot withdraw before deadline");
address _host = getHost();
i_WETH.safeTransfer(_host, i_WETH.balanceOf(address(this)));
i_WBTC.safeTransfer(_host, i_WBTC.balanceOf(address(this)));
i_USDC.safeTransfer(_host, i_USDC.balanceOf(address(this)));
}
Updates
Lead Judging Commences
0xtimefliez about 1 year ago
Submission Judgement Published Assigned finding tags:
withdraw is callable before deadline ends
Rewards breakdown
nSLOC
129This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.