Christmas Dinner
First Flight #31
Beginner FriendlyFoundrySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

Inadequate Participation Status Handling

Deleted user

[MEDIUM-1] Inadequate Participation Status Handling

Severity: MEDIUM

Description:
The changeParticipationStatus function lacks proper state change validation and does not restrict the timing of when it can be called. This can lead to unintended behavior if users attempt to change their participation status after the deadline has passed.

function changeParticipationStatus() public {
participants[msg.sender].isParticipating = !participants[msg.sender].isParticipating;
}

Impact:
Users could potentially manipulate their participation status after the deadline, affecting the distribution of funds or participation rewards.

Proof of Concept:
The following test demonstrates this behavior:

function test_participation_status_after_deadline() public {
vm.startPrank(user1);
cd.deposit(address(weth), 1e18);
// Change participation status before the deadline
cd.changeParticipationStatus();
assertEq(cd.getParticipationStatus(user1), false);
// Attempt to change participation status after the deadline
vm.warp(block.timestamp + 8 days);
cd.changeParticipationStatus(); // No revert
assertEq(cd.getParticipationStatus(user1), true); // Unexpected behavior
vm.stopPrank();
}

Recommended Mitigation:
Restrict changes to participation status before the deadline. This can be achieved using a require statement or by using the beforeDeadline modifier:

require(block.timestamp <= deadline, "Cannot change participation status after deadline");
// Alternatively, use the beforeDeadline modifier
Updates

Lead Judging Commences

0xtimefliez Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.