Submission Details
Severity:
Host can set deadline multiple times
[H-2] Host can set deadline multiple times
Description: The deadlineSet variable is never set to true, so the host change the deadline at any time.
function setDeadline(uint256 _days) external onlyHost {
// this will never trigger
@> if(deadlineSet) {
revert DeadlineAlreadySet();
} else {
deadline = block.timestamp + _days * 1 days;
emit DeadlineSet(deadline);
}
}
Impact: The host can extend the deadline, or immediately end the event.
Proof of Concept:
HOST can extend the deadline by 10 days.
HOST can end the event immediately.
Add the following code into ChristmasDinner.t.sol:
function test_hostChangeDeadline() public {
vm.startPrank(deployer);
uint256 oldDeadline = cd.deadline();
// extend deadline by 10 days
cd.setDeadline(DEADLINE + 10);
uint256 newDeadline = cd.deadline();
assertGe(newDeadline, oldDeadline);
// end the event
cd.setDeadline(0);
assertEq(cd.deadline(), block.timestamp);
vm.stopPrank();
}
Recommended Mitigation:
change 'deadlineSet' to true after the deadline is set.
function setDeadline(uint256 _days) external onlyHost {
// this will never trigger
if(deadlineSet) {
revert DeadlineAlreadySet();
} else {
+ deadlineSet = true;
deadline = block.timestamp + _days * 1 days;
emit DeadlineSet(deadline);
}
}
Updates
Lead Judging Commences
0xtimefliez 11 months ago
Submission Judgement Published Assigned finding tags:
deadline is never set to true
Rewards breakdown
nSLOC
129This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.