Submission Details
Severity:
`ChristmasDinner.deposit` function doesn't allow user to sign-up other users
Description: The ChristmasDinner::deposit function only allows the msg.sender to be signed up by adding him to the ChristmasDinner::partcipant mapping. Therefore a user can't sign up other users or his friends, he can only sign up himself to the event(dinner).
Impact: User can't sign up other users as is described in the specification and in the dev comments
Proof of Concept:
Is obvious
Recommendation: Add the possibility to sign up another user by adding a parameter userToSignUp
+ function deposit(address _token, uint256 _amount, address userToSignUp) external beforeDeadline {
- function deposit(address _token, uint256 _amount) external beforeDeadline {
if(!whitelisted[_token]) {
revert NotSupportedToken();
}
if(participant[userToSignUp]){
balances[msg.sender][_token] += _amount;
IERC20(_token).safeTransferFrom(msg.sender, address(this), _amount);
emit GenerousAdditionalContribution(msg.sender, _amount);
} else {
+ if(userToSignUp != address(0)){
+ participant[userToSignUp] = true;
+ }
+ else {
+ participant[msg.sender] = true;
+ }
- participant[msg.sender] = true;
balances[msg.sender][_token] += _amount;
IERC20(_token).safeTransferFrom(msg.sender, address(this), _amount);
emit NewSignup(msg.sender, _amount, getParticipationStatus(msg.sender));
}
}
Updates
Lead Judging Commences
0xtimefliez 10 months ago
Submission Judgement Published Assigned finding tags:
Deposit function lacks functionality
Rewards breakdown
nSLOC
129This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.