The setDeadline can be called anytime to change the deadline.
Summary
The setDeadline function lacks the proper handling to ensure that the deadline can only be set once, as intended.
Vulnerability Details
The ChristmasDinner smart contract has a significant vulnerability in its setDeadline function where the deadlineSet flag is not updated to true after setting the event's deadline. This oversight allows the host to repeatedly reset the deadline, contrary to the intended design that likely aims for the deadline to be set only once to ensure stable event planning and participant commitment. This flaw could lead to administrative abuse or operational disruption as the host could manipulate the deadline to influence participation unfairly or create uncertainty among the participants, undermining the contract’s reliability and the overall integrity of the event management process.
Impact
The impact of the vulnerability in the setDeadline function of the ChristmasDinner smart contract is considerable, as it allows the event host to repeatedly modify the deadline. This can lead to significant disruptions in event planning and management, affecting participants who may adjust their schedules based on the initially stated deadline. The ability to change the deadline at will could result in administrative abuse, where the host might extend or shorten the deadline to manipulate participation rates or conditions, potentially leading to dissatisfaction, reduced participation, and a loss of trust in the fairness and reliability of the event management system. This could ultimately deter users from engaging with the contract or similar systems in the future.
Tools Used
foundry
Recommendations
change the code as:
Lead Judging Commences
deadline is never set to true
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.