Christmas Dinner

First Flight #31
Beginner Friendly, Foundry, Solidity
Submission Details
Severity: low
Invalid

Inconsistent Participation Logic Between ETH and ERC20

Summary

The receive() function automatically sets participation to true, while ERC20 deposits have a different flow.

Vulnerability Details

The receive() function automatically sets the participant status to true, while ERC20 deposits follow a different flow for participation. This inconsistency leads to confusion for users, as participants may be treated differently based on the asset they deposit (ETH vs. ERC20 tokens). The differing behavior can result in an inconsistent user experience, where some participants are automatically considered enrolled while others must follow a separate process. This could lead to unexpected outcomes or confusion regarding participant status.

    receive() external payable {
        etherBalance[msg.sender] += msg.value;
        emit NewSignup(msg.sender, msg.value, true);
        // Automatically considered participant
    }

Impact

  • Inconsistent user experience

  • Potential confusion for participants

  • Different behavior for different asset types

Tools Used

Foundry

Recommendations

    receive() external payable {
        if (!participant[msg.sender]) {
            participant[msg.sender] = true;
        }
        etherBalance[msg.sender] += msg.value;
        emit NewSignup(msg.sender, msg.value, participant[msg.sender]);
    }

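A Foundry test that reads the `participant` mapping after a plain ETH transfer, once for the `receive()` quoted under Vulnerability Details and once for the one under Recommendations. It is an added example, not code from the submission or from the Christmas Dinner contract; `DinnerBase`, `AsQuoted`, `AsRecommended` and the event parameter names are hypothetical, and only the state variables and event quoted above are modelled.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Hypothetical harness: models only the names quoted in the report.
abstract contract DinnerBase {
    mapping(address => bool) public participant;
    mapping(address => uint256) public etherBalance;
    event NewSignup(address user, uint256 amount, bool flag); // parameter names assumed
}

// receive() as quoted under "Vulnerability Details"
contract AsQuoted is DinnerBase {
    receive() external payable {
        etherBalance[msg.sender] += msg.value;
        emit NewSignup(msg.sender, msg.value, true);
    }
}

// receive() as proposed under "Recommendations"
contract AsRecommended is DinnerBase {
    receive() external payable {
        if (!participant[msg.sender]) participant[msg.sender] = true;
        etherBalance[msg.sender] += msg.value;
        emit NewSignup(msg.sender, msg.value, participant[msg.sender]);
    }
}

contract ReceiveFlagTest is Test {
    address internal alice = makeAddr("alice");

    // Send 1 ether from alice with empty calldata so receive() is the entry point.
    function _send(address target) internal {
        vm.deal(alice, 1 ether);
        vm.prank(alice);
        (bool ok,) = target.call{value: 1 ether}("");
        assertTrue(ok);
    }
    function test_quotedReceive_storageFlag() public {
        AsQuoted c = new AsQuoted();
        _send(address(c));
        assertEq(c.etherBalance(alice), 1 ether);
        assertFalse(c.participant(alice)); // the event carries true; the mapping is not written
    }
    function test_recommendedReceive_storageFlag() public {
        AsRecommended c = new AsRecommended();
        _send(address(c));
        assertEq(c.etherBalance(alice), 1 ether);
        assertTrue(c.participant(alice)); // mapping and event now agree
    }
}
```

Run it with `forge test` in a project that has forge-std installed.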
Updates

Lead Judging Commences

0xtimefliez Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
