Christmas Dinner
First Flight #31
Beginner FriendlyFoundrySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

Manipulatable Deadline Setting

shrxyeh

Summary

The setDeadline function never sets deadlineSet to true, allowing the host to repeatedly modify the deadline.

Vulnerability Details

The setDeadline function does not set the deadlineSet flag to true after updating the deadline, allowing the host to modify the deadline repeatedly. This enables the host to continuously extend the deadline, preventing users from reliably planning their participation. Additionally, this can be exploited to indefinitely delay refunds, breaking the contract's intended behavior and trust.

function setDeadline(uint256 _days) external onlyHost {
if (deadlineSet) {
revert DeadlineAlreadySet();
} else {
deadline = block.timestamp + _days * 1 days;
// deadlineSet is never set to true
}
}

Impact

  • Host can continuously extend the deadline

  • Users cannot reliably plan their participation

  • Could be used to prevent refunds indefinitely

Tools Used

Foundry

Recommendations

function setDeadline(uint256 _days) external onlyHost {
if (deadlineSet) {
revert DeadlineAlreadySet();
}
deadline = block.timestamp + _days * 1 days;
deadlineSet = true;
emit DeadlineSet(deadline);
}
Updates

Lead Judging Commences

0xtimefliez Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

deadline is never set to true

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.