Christmas Dinner

First Flight #31
Beginner Friendly, Foundry, Solidity
Submission Details
Severity: low
Valid

`changeParticipationStatus` Allows Unauthorized Participation Without Required Deposit

Vulnerability Details

The function `changeParticipationStatus` lets a caller set their participation status without verifying that they have paid the required deposit. This creates a loophole where users who have not committed any funds can register as participants.

Impact

Event organizers may not collect sufficient funds if participants can register without making payments, potentially jeopardizing the event's financial security.

Tools Used

Foundry, VS Code

POC

Add the test below to the test file:

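    function test__withoutDepositBecomeParicipants() public {
        // Fresh address that has never deposited anything.
        address newuser = makeAddr("newuser");
        vm.startPrank(newuser);
        // Toggle the status without sending or depositing funds.
        cd.changeParticipationStatus();
        // The caller is now recorded as a participant.
        assertTrue(cd.getParticipationStatus(newuser));
        vm.stopPrank();
    }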

Also add a `getParticipationStatus` function to the contract so that the test contract can read a participant's status:

    // Read-only view of the participant mapping for a given user.
    function getParticipationStatus(address _user) public view returns (bool) {
        return participant[_user];
    }

Mitigation

Add a check to the change-participation function: a user must already have provided some funds before they can change their status in `changeParticipationStatus`.
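One way to express that check, as an added example that is not the ChristmasDinner contract or the submitter's code. It assumes deposits are recorded per address; the `deposited` mapping, the `deposit()` function and the two custom errors are hypothetical names, while `participant`, `changeParticipationStatus` and `getParticipationStatus` follow the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration only. `deposited`, `deposit()`, `ZeroDeposit` and
// `NoDepositOnRecord` are hypothetical and do not come from the audited code.
contract ParticipationGuardExample {
    error ZeroDeposit();
    error NoDepositOnRecord();

    mapping(address => bool) private participant;
    // Assumed funding record: total wei each address has paid in.
    mapping(address => uint256) private deposited;

    // Assumed funding path: paying in is what first makes a caller a participant.
    function deposit() external payable {
        if (msg.value == 0) revert ZeroDeposit();
        deposited[msg.sender] += msg.value;
        participant[msg.sender] = true;
    }

    // Guarded toggle: opting out is always allowed, but switching the status
    // to `true` requires funds already recorded for the caller.
    function changeParticipationStatus() external {
        if (participant[msg.sender]) {
            participant[msg.sender] = false;
            return;
        }
        if (deposited[msg.sender] == 0) revert NoDepositOnRecord();
        participant[msg.sender] = true;
    }

    function getParticipationStatus(address _user) public view returns (bool) {
        return participant[_user];
    }
}
```

Against a contract guarded this way, the call in the POC test reverts with `NoDepositOnRecord` because `newuser` has no recorded funds, so the test's final assertion is never reached.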

Updates

Lead Judging Commences

0xtimefliez Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

usage of change participation logic circumvents deposit
