Christmas Dinner

First Flight #31

Beginner FriendlyFoundrySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

L-1: Ineffective deadlineSet Flag in setDeadline Function

andrekkr

Summary

The setDeadline function is designed to allow the host to set a deadline for attendees to sign up. However, the deadlineSet flag is ineffective and does not change its value under any condition, making it redundant. This could lead to confusion or misuse if developers or auditors assume the flag reflects the deadline's status.

Vulnerability Details

Root Cause:

The deadlineSet variable is always initialized as false and remains unchanged throughout the function or contract lifecycle.
The function does not update the deadlineSet variable to true when the deadline is set, rendering the flag unused.

Expected Behavior:

The deadlineSet flag should transition to true after a deadline is successfully set.
Optionally, the flag could transition back to false once the deadline has passed, if dynamic deadline updates are needed.

Current Behavior:

The deadlineSet variable remains false, regardless of whether a deadline has been set or expired.

Impact

The deadlineSet variable does not impact the functionality of the contract in its current state. However, it introduces unnecessary complexity and could lead to misunderstandings during code maintenance or extensions.

Tools Used

Manual code review
Foundry for testing

Recommendations

Update the setDeadline function to update the deadlineSet flag:

When the deadline is successfully set, change deadlineSet to true.

function setDeadline(uint256 _days) external onlyHost {
if (deadlineSet) {
revert DeadlineAlreadySet();
}
deadline = block.timestamp + _days * 1 days;
deadlineSet = true; // Set the flag to true
emit DeadlineSet(deadline);
}

Use a modifier to reset deadlineSet once the deadline has passed:
- This ensures the flag reflects the current state dynamically.
- Example:
  
  modifier beforeDeadline() {
  if (block.timestamp > deadline) {
  deadlineSet = false; // Reset the flag
  revert BeyondDeadline();
  }
  _;
  }
Alternatively, remove the deadlineSet variable entirely:
- If the deadline timestamp is sufficient to manage the logic, remove deadlineSet to simplify the contract.
Conduct a review of other parts of the contract:
- Check if deadlineSet is referenced elsewhere, as its removal or repurposing could have downstream effects.

PoC

function testDeadlineSetFlag() public {

vm.startPrank(deployer);

cd.setDeadline(7);

assertEq(cd.deadline(), block.timestamp + 7 * 1 days);

cd.setDeadline(3);

assertEq(cd.deadline(), block.timestamp + 3 * 1 days);

vm.stopPrank();

}

Updates

Lead Judging Commences

0xtimefliez Lead Judge about 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

deadline is never set to true

Rewards breakdown

nSLOC

129

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!