Christmas Dinner

Summary

In the ChristmasDinner::setDeadline function, the deadlineSet status is not updated, allowing the host to modify the deadline multiple times, which threatens the fairness, transparency, and predictability of the contract and increases the risk of system abuse.

Vulnerability Details

In the ChristmasDinner::setDeadline function, the deadlineSet status is not updated after the first setting of the deadline. Due to the lack of an effective update of the deadlineSet flag, the host can modify the deadline multiple times during the contract's lifecycle. This design flaw allows the host to abuse the deadline modification process, affecting the fairness and transparency of the contract. In contracts involving time-sensitive operations, this could lead to unfair advantages.

Impact

• Abuse of privileges: The host can modify the deadline multiple times, gaining an unfair advantage or delaying the contract process.

• Erosion of contract fairness: Participants may lose trust in the contract's fairness, reducing participation.

• Reduced transparency: The contract's deadline is not fixed, preventing participants from clearly knowing the contract's end time, impacting the contract's predictability.

• Logical conflicts: Frequent modifications of the deadline may lead to confusion or inconsistencies if other parts of the contract rely on the deadline.

Tools Used

Manual review.

Recommendations

Add state update logic in the setDeadline function to ensure the deadlineSet flag is correctly updated the first time the deadline is set and limit the number of times the host can modify the deadline. This can be achieved by limiting the deadline setting or ensuring it only occurs under reasonable circumstances.