Christmas Dinner

First Flight #31
Beginner Friendly, Foundry, Solidity
100 EXP
Submission Details
Severity: medium
Valid

Participant will not be signed up for the dinner if they fund it with ETH

Summary

The receive() function in the contract is responsible for handling Ether deposits from participants. However, the participant status (tracked by participant[msg.sender]) is not being updated when Ether is received. This means that users who fund the contract with Ether are not properly registered as participants.

Vulnerability Details

In the receive() function, when Ether is sent to the contract, the etherBalance[msg.sender] is updated and an event (NewSignup) is emitted. However, the participant[msg.sender] mapping is not updated to reflect the user’s participation status, leaving them unregistered despite contributing funds. This omission will result in inconsistent participant data and also block the ETH funding participant from being set as the host.

Impact

  • Users who send only Ether to the contract are not marked as participants (participant[msg.sender] remains false).

  • Users who send only Ether to the contract cannot be set as the host.
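The behaviour described above, reproduced as a Foundry test. This is an added example, not code from the audited contract or from the submission. DinnerModel, the host variable, changeHost, its revert strings and the event parameter names are assumptions standing in for the real contract; only participant, etherBalance, NewSignup and the receive() logic come from this report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Constructed stand-in, not the audited contract: only the state this report names.
contract DinnerModel {
    mapping(address => bool) public participant;
    mapping(address => uint256) public etherBalance;
    address public host; // assumed storage for the current host

    event NewSignup(address indexed user, uint256 amount, bool status); // parameter names assumed

    constructor() { host = msg.sender; }

    // Behaviour described in the report: balance and event are updated, the flag is not.
    receive() external payable {
        etherBalance[msg.sender] += msg.value;
        emit NewSignup(msg.sender, msg.value, true);
    }

    // Hypothetical host hand-over that requires participant status, as the report states.
    function changeHost(address newHost) external {
        require(msg.sender == host, "not host");
        require(participant[newHost], "not a participant");
        host = newHost;
    }
}

contract ReceiveSignupTest is Test {
    DinnerModel dinner;
    address alice = makeAddr("alice");

    function setUp() public {
        dinner = new DinnerModel(); // the test contract becomes host
        vm.deal(alice, 1 ether);
    }

    function test_ethOnlyFunderIsNotRegistered() public {
        vm.prank(alice);
        (bool ok,) = address(dinner).call{value: 1 ether}("");
        assertTrue(ok);
        assertEq(dinner.etherBalance(alice), 1 ether); // deposit is recorded
        assertFalse(dinner.participant(alice)); // but the sender is never signed up

        vm.expectRevert(bytes("not a participant"));
        dinner.changeHost(alice); // so the hand-over to an ETH-only funder fails
    }
}
```

Once receive() also sets the participant flag, the assertFalse and expectRevert checks stop holding and should be inverted to serve as a regression test.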

Recommendations

To fix the issue, the participant[msg.sender] mapping should be updated to true within the receive() function to correctly register the participant when they fund the contract with Ether:

receive() external payable {
+ participant[msg.sender] = true;
etherBalance[msg.sender] += msg.value;
emit NewSignup(msg.sender, msg.value, true);
}
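Review bot: the added participant[msg.sender] = true; line has no guard on msg.value, so a plain transfer of 0 ETH would also mark the sender as a participant and emit NewSignup with a zero amount. Consider rejecting zero-value deposits at the top of receive() before setting the flag, and add a test that sends ETH and asserts both participant[msg.sender] and etherBalance[msg.sender] afterwards.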

This ensures that the user is marked as a participant as soon as they send Ether to the contract.

Updates

Lead Judging Commences

0xtimefliez Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

receive does not update participation status
