Christmas Dinner

First Flight #31
Beginner Friendly, Foundry, Solidity
100 EXP
Submission Details
Severity: low
Valid

changeParticipationStatus() allows signup without payment within deadline

Summary

If a user calls changeParticipationStatus() within the deadline period, they are added as a participant without needing to pay, i.e. users can sign up without payment.

Vulnerability Details

    function changeParticipationStatus() external {
        if(participant[msg.sender]) {
            participant[msg.sender] = false;
        } else if(!participant[msg.sender] && block.timestamp <= deadline) { //@audit -- allows registration without payment. No signup event emitted.
            participant[msg.sender] = true;
        } else {
            revert BeyondDeadline();
        }
        emit ChangedParticipation(msg.sender, participant[msg.sender]);
    }

Impact

Users can free-ride: they can attend the party without contributing their share of the payment for it.

Tools Used

Manual review.

Recommendations

Implement the following check to ensure that a participant changing their mind has a non-zero token balance (see line 5):

    function changeParticipationStatus() external {
        if(participant[msg.sender]) {
            participant[msg.sender] = false;
        } else if(!participant[msg.sender] && block.timestamp <= deadline) {
            require(
                balances[msg.sender][address(i_USDC)] != 0 ||
                balances[msg.sender][address(i_WBTC)] != 0 ||
                balances[msg.sender][address(i_WETH)] != 0
            ); // caller must have a recorded deposit in at least one token
            participant[msg.sender] = true;
        } else {
            revert BeyondDeadline();
        }
        emit ChangedParticipation(msg.sender, participant[msg.sender]);
    }
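
A self-contained Foundry test of the issue and of the recommended check, added here as an example; it is not code from the contest repository or from the submission. `DinnerModel`, its single `balances` mapping, the `deposit` stub, the `requireDeposit` flag and the `NoDeposit` error are constructed stand-ins; only the branch logic mirrors the function quoted above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Constructed model: one balance mapping stands in for the per-token balances.
contract DinnerModel {
    error BeyondDeadline();
    error NoDeposit(); // hypothetical error, used here instead of a bare require
    uint256 public deadline;
    mapping(address => bool) public participant;
    mapping(address => uint256) public balances;

    constructor(uint256 _deadline) { deadline = _deadline; }

    // Stub: only records the amount; the token transfer is omitted in this model.
    function deposit(uint256 amount) external { balances[msg.sender] += amount; }

    // Branches as in the finding; requireDeposit toggles the recommended check.
    function changeParticipationStatus(bool requireDeposit) external {
        if (participant[msg.sender]) {
            participant[msg.sender] = false;
        } else if (block.timestamp <= deadline) {
            if (requireDeposit && balances[msg.sender] == 0) revert NoDeposit();
            participant[msg.sender] = true;
        } else {
            revert BeyondDeadline();
        }
    }
}

contract ChangeParticipationTest is Test {
    DinnerModel dinner;
    address freeRider = makeAddr("freeRider");
    address payer = makeAddr("payer");

    function setUp() public { dinner = new DinnerModel(block.timestamp + 7 days); }

    function test_unpaidSignupWithoutCheck() public {
        vm.prank(freeRider);
        dinner.changeParticipationStatus(false);
        assertTrue(dinner.participant(freeRider)); // registered with a zero balance
        assertEq(dinner.balances(freeRider), 0);
    }

    function test_checkBlocksUnpaidAllowsPaid() public {
        vm.expectRevert(DinnerModel.NoDeposit.selector);
        vm.prank(freeRider);
        dinner.changeParticipationStatus(true);
        vm.startPrank(payer);
        dinner.deposit(1e18);
        dinner.changeParticipationStatus(true); // passes: a deposit is on record
        assertTrue(dinner.participant(payer));
    }
}
```
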
Updates

Lead Judging Commences

0xtimefliez Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

usage of change participation logic circumvents deposit
