`christmasDinner::setDeadline` will never revert
Summary
The christmasDinner::setDeadline function is intended to revert if the deadline has already been set. However, due to a flaw in the current implementation, the revert statement will never be executed.
https://github.com/Cyfrin/2024-12-christmas-dinner/blob/9682dcc306db935a2511e1eb8280d17ef01e9004/src/ChristmasDinner.sol#L182
https://github.com/Cyfrin/2024-12-christmas-dinner/blob/9682dcc306db935a2511e1eb8280d17ef01e9004/src/ChristmasDinner.sol#L42
Vulnerability Details
The christmasDinner::setDeadline function uses a boolean variable, deadlineSet, to determine whether the deadline has already been set. If it is set, the function is supposed to revert. Otherwise, it sets the deadline to block.timestamp + _days * 1 days. However, since the deadlineSet variable is never updated to true after setting the deadline, the function does not revert and allows the deadline to be reset multiple times.
Impact
The host can set the event
deadlinemultiple times, potentially causing inconsistencies in the event scheduling.
PoC
use this test in
christmasDinnerTest.t.sol`
Tools Used
IDE
Manual Review
Recommendations
Update the function to set the
deadlineSetboolean totrueimmediately after thedeadlineis assigned.
Lead Judging Commences
deadline is never set to true
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.