Christmas Dinner

First Flight #31
Beginner Friendly, Foundry, Solidity
Severity: low
Valid

Missing Functionality for User Registration in deposit Function

Summary
The deposit function is currently designed to allow users to participate in the contract by depositing tokens. However, it does not include a mechanism that allows a user to sign up or register other users. This functionality was likely intended to be part of the contract, but it is missing. The absence of such a feature means that each user must sign up individually, limiting flexibility and potentially complicating the user experience.

Vulnerability Details

The issue is located in the deposit function of the contract:

function deposit(address _token, uint256 _amount) external beforeDeadline {
    if (!whitelisted[_token]) {
        revert NotSupportedToken();
    }
    if (participant[msg.sender]) {
        balances[msg.sender][_token] += _amount;
        IERC20(_token).safeTransferFrom(msg.sender, address(this), _amount);
        emit GenerousAdditionalContribution(msg.sender, _amount);
    } else {
        participant[msg.sender] = true;
        balances[msg.sender][_token] += _amount;
        IERC20(_token).safeTransferFrom(msg.sender, address(this), _amount);
        emit NewSignup(msg.sender, _amount, getParticipationStatus(msg.sender));
    }
}

Comment from Code: // Allows a user to sign-up other users. (Missing in implementation)

The deposit function allows the caller to sign up as a participant if they are not already one, but it only registers the caller (the one making the deposit).

There is no functionality in the contract that allows a user to sign up other users.

This means if a user wants to register someone else (for example, as part of a group or event), they cannot do so directly through this contract. Instead, each user must manually interact with the contract to sign up.

Impact

The lack of a feature to allow users to register others limits the flexibility of the contract, especially in cases where users want to enroll multiple participants simultaneously or manage group registrations.

Tools Used

Manual

Recommendations

The contract should be modified to allow users to register other participants by introducing a separate function for this purpose. This function should ensure that the calling user has the authority to sign up others (for example, a "host" or "admin" role, or a user with specific permissions).
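One way to implement this recommendation, as an added sketch that is not the contract's own code. It assumes OpenZeppelin's SafeERC20 is available, reuses the `whitelisted`, `participant`, `balances` and `NotSupportedToken` names from the snippet above, and introduces `depositFor`, `registrar`, `setRegistrar`, `host`, `deadline` and the remaining errors and events as hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Added sketch: holds only the state depositFor needs.
// Names marked (hypothetical) are assumptions, not taken from the audited contract.
contract SignupForOthersSketch {
    using SafeERC20 for IERC20;

    error NotSupportedToken();
    error BeyondDeadline();     // (hypothetical)
    error NotAuthorized();      // (hypothetical)
    error InvalidParticipant(); // (hypothetical)

    event NewSignupFor(address indexed payer, address indexed user, uint256 amount); // (hypothetical)
    event RegistrarSet(address indexed account, bool allowed); // (hypothetical)

    address public immutable host;     // (hypothetical)
    uint256 public immutable deadline; // (hypothetical) stands in for beforeDeadline
    mapping(address => bool) public whitelisted;
    mapping(address => bool) public participant;
    mapping(address => bool) public registrar; // (hypothetical) accounts allowed to sign up others
    mapping(address => mapping(address => uint256)) public balances;

    constructor(address[] memory _tokens, uint256 _deadline) {
        host = msg.sender;
        deadline = _deadline;
        for (uint256 i = 0; i < _tokens.length; i++) whitelisted[_tokens[i]] = true;
    }

    // The host grants or revokes the right to register other users.
    function setRegistrar(address _account, bool _allowed) external {
        if (msg.sender != host) revert NotAuthorized();
        registrar[_account] = _allowed;
        emit RegistrarSet(_account, _allowed);
    }

    // Registers _user and credits the deposit to them. Tokens are always pulled from
    // msg.sender, never from _user, so nobody's allowance is spent without their call.
    function depositFor(address _token, uint256 _amount, address _user) external {
        if (block.timestamp > deadline) revert BeyondDeadline();
        if (!whitelisted[_token]) revert NotSupportedToken();
        if (msg.sender != host && !registrar[msg.sender]) revert NotAuthorized();
        if (_user == address(0) || _user == address(this)) revert InvalidParticipant();
        participant[_user] = true;
        balances[_user][_token] += _amount;
        IERC20(_token).safeTransferFrom(msg.sender, address(this), _amount);
        emit NewSignupFor(msg.sender, _user, _amount);
    }
}
```

Because the deposit is credited to `_user`, any withdrawal path keyed on `balances` pays `_user` rather than the payer, which should be a deliberate design choice.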

Updates

Lead Judging Commences

0xtimefliez Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Deposit function lacks functionality
