Christmas Dinner

First Flight #31
Beginner Friendly, Foundry, Solidity
100 EXP
Submission Details
Severity: high
Invalid

Lack of Minimum Payment Threshold Allows Insignificant Contributions for Participation

Summary

  • The absence of a minimum payment threshold allows users to become participants with negligible contributions, leading to inadequate funding for the event and creating an unfair system that undermines trust in the protocol.

Impact

  • The absence of a minimum payment threshold allows users to become participants with negligible contributions, leading to inadequate funding for the event and creating an unfair system that undermines trust in the protocol.

Proof Of Concept

Add the code below to ChristmasDinnerTest.t.sol:ChristmasDinnerTest

    function test_POC_No_Threshold_Payment() public {
        // A fresh address deposits a single base unit of the token
        address EXPLOITER = makeAddr("EXPLOITER");
        startHoax(EXPLOITER, 1 ether);
        usdc.mint(EXPLOITER, 1);
        usdc.approve(address(cd), 1);
        cd.deposit(address(usdc), 1);
        bool check_EXPLOITER_IS_A_PARTICIPANT = cd.getParticipationStatus(EXPLOITER);

        // The deployer deposits 1 ether (1e18 base units) for comparison
        startHoax(deployer, 1 ether);
        usdc.mint(deployer, 1 ether);
        usdc.approve(address(cd), 1 ether);
        cd.deposit(address(usdc), 1 ether);
        // Query the deployer's own status (the original queried EXPLOITER here)
        bool check_Deployer_IS_A_PARTICIPANT = cd.getParticipationStatus(deployer);
        vm.stopPrank();

        // Both addresses are reported as participants despite the size difference
        console.log("Participation status of EXPLOITER :", check_EXPLOITER_IS_A_PARTICIPANT);
        console.log("Participation status of deployer :", check_Deployer_IS_A_PARTICIPANT);
    }

  • Add the above code in the ChristmasDinnerTest.t.sol:ChristmasDinnerTest.

  • Run: forge test --match-test test_POC_No_Threshold_Payment -vv

  • You will get the following output:

    • Participation status of EXPLOITER : true

    • Participation status of deployer : true

Tools Used

Foundry

Recommendations

  • The issue can be resolved by implementing a minimum ETH payment threshold that users must meet to qualify as participants, ensuring fair contributions and adequate funding for the event.

////////////////////////////////////////////////////////////////
////////////////// State Variables /////////////////
////////////////////////////////////////////////////////////////
address public host;
uint256 public deadline;
bool public deadlineSet = false;
bool private locked = false;
+ uint256 constant THRESHOLD_ETH=1e18;
mapping (address user => bool) participant;
.
.
.
function deposit(address _token, uint256 _amount) external beforeDeadline {
+ if(_amount<THRESHOLD_ETH){
+ revert("Insufficient Amount");
}
.
.
.
}
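
Review bot: In deposit(), the added check compares the token `_amount` against THRESHOLD_ETH, a single constant set to 1e18 and named for ETH. Because deposit() takes a `_token` argument, the same 1e18 floor applies to every token passed in, and it only corresponds to one whole token when that token uses 18 decimals. Placed at the top of the function, the check also rejects any later deposit below the threshold from an address that has already deposited. Consider a per-token minimum, a name that does not imply ETH, and a comment stating the unit the threshold is expressed in.
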
.
.
.
receive() external payable {
+ if(_amount<THRESHOLD_ETH){
+ revert("Insufficient Amount");
etherBalance[msg.sender] += msg.value;
emit NewSignup(msg.sender, msg.value, true);
}
}
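
Review bot: In receive(), the added condition reads `_amount`, which is neither a parameter nor a local of receive(); the value sent is `msg.value`, as the unchanged `etherBalance[msg.sender] += msg.value;` line already uses, so the hunk does not compile as written. The added `if` is also closed only by the `}` that follows the emit, which puts the balance update and the NewSignup event inside the block after the revert, where they are never reached; once `_amount` is corrected, a payment at or above the threshold would be accepted without being recorded. Suggest `if (msg.value < THRESHOLD_ETH) { revert("Insufficient Amount"); }` closed before the `etherBalance` update.
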
Updates

Lead Judging Commences

0xtimefliez Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
