Christmas Dinner

First Flight #31
Tags: Beginner Friendly, Foundry, Solidity
100 EXP
Submission Details
Severity: high
Valid

Missing Deadline Validation in `withdraw()` Function

Description: The withdraw() function performs no deadline check, so the host can pull every deposited token out of the contract at any time, including before the deadline that participants rely on. The vulnerable code:

    function withdraw() external onlyHost {
        address _host = getHost();
        i_WETH.safeTransfer(_host, i_WETH.balanceOf(address(this)));
        i_WBTC.safeTransfer(_host, i_WBTC.balanceOf(address(this)));
        i_USDC.safeTransfer(_host, i_USDC.balanceOf(address(this)));
    }

Impact:

  • Host can drain all user deposits before the event

  • Complete loss of user funds

  • Breaks the trust model of the contract

Proof of Concept:

    function testPrematureWithdraw() public {
        // Setup: host sets a 7 day deadline
        vm.prank(host);
        christmasDinner.setDeadline(7);
        // Make a deposit. withdraw() only moves the ERC20 balances (WETH, WBTC,
        // USDC), never raw ETH, so the deposit must be one of those tokens.
        // `weth` is assumed to be the test fixture's mock token registered as the
        // contract's WETH, and deposit(address token, uint256 amount) the
        // contract's deposit entry point.
        deal(address(weth), alice, 1 ether);
        vm.startPrank(alice);
        weth.approve(address(christmasDinner), 1 ether);
        christmasDinner.deposit(address(weth), 1 ether);
        vm.stopPrank();
        // Host withdraws immediately, long before the deadline
        vm.prank(host);
        christmasDinner.withdraw();
        // Verify the premature withdrawal succeeded: contract drained, host holds the funds
        assertEq(weth.balanceOf(address(christmasDinner)), 0);
        assertEq(weth.balanceOf(host), 1 ether);
    }

Recommended Mitigation: Add a deadline check to the withdraw() function:

    function withdraw() external onlyHost {
        require(block.timestamp > deadline, "Cannot withdraw before deadline");
        address _host = getHost();
        i_WETH.safeTransfer(_host, i_WETH.balanceOf(address(this)));
        i_WBTC.safeTransfer(_host, i_WBTC.balanceOf(address(this)));
        i_USDC.safeTransfer(_host, i_USDC.balanceOf(address(this)));
    }
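An added Foundry regression test for the patched withdraw(), written for this page and not part of the original submission or the project, that exercises both sides of the deadline. It reuses the PoC's fixture names (`christmasDinner`, `host`, `alice`, `vm`) and assumes a mock `weth` token wired in as the contract's WETH plus a deposit(address token, uint256 amount) entry point.

```solidity
function testWithdrawRespectsDeadline() public {
    // Assumed fixture: `christmasDinner` is the patched contract, `host` and
    // `alice` are addresses, `weth` is a mock ERC20 registered as its WETH.
    vm.prank(host);
    christmasDinner.setDeadline(7); // deadline = block.timestamp + 7 days

    // Alice deposits 1 WETH; deal() is forge-std's token-balance cheat.
    deal(address(weth), alice, 1 ether);
    vm.startPrank(alice);
    weth.approve(address(christmasDinner), 1 ether);
    christmasDinner.deposit(address(weth), 1 ether);
    vm.stopPrank();

    // Before the deadline the host's withdrawal must revert with the
    // require() message from the fix, and the funds must stay put.
    vm.prank(host);
    vm.expectRevert(bytes("Cannot withdraw before deadline"));
    christmasDinner.withdraw();
    assertEq(weth.balanceOf(address(christmasDinner)), 1 ether);

    // One second past the deadline the same call goes through.
    vm.warp(block.timestamp + 7 days + 1);
    vm.prank(host);
    christmasDinner.withdraw();
    assertEq(weth.balanceOf(host), 1 ether);
    assertEq(weth.balanceOf(address(christmasDinner)), 0);
}
```

The require() only bites once setDeadline() has run: while `deadline` is still zero, `block.timestamp > deadline` holds trivially, so the contract should also refuse withdrawals until a deadline has been set.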
Updates

Lead Judging Commences

0xtimefliez Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

withdraw is callable before deadline ends
