Christmas Dinner

First Flight #31

Beginner FriendlyFoundrySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: low

Invalid

Validate input `_days` in `setDeadline` function, a high value for `_days` can cause issue.

affanimran1303

Summary:

The setDeadline function does not validate the _days parameter. Setting an extremely high value could cause issues.

Vulnerability Details:

In setDeadline function, if _days is set to an extremely high value, it could lead to:
- Overflow of the deadline variable.
- Unreasonably long deadlines, prevent the proper organization of the event.
Users might not realize the consequence of passing very high values for _days.

Impact:

Lack of input validation _days in the setDeadline function could lead to unintended behaviors, such as setting an unreasonably high deadline that could overflow or prevent proper event scheduling. This oversight can disrupt contract operations and create planning issues.

Tools Used:

Manual Testing
Foundry (for test cases)

Recommended Mitigations:

Update the setDeadline function by setting validation for _days to limit the maximum allowed value.

function setDeadline(uint256 _days) external onlyHost {

if (deadlineSet) {

revert DeadlineAlreadySet();

}

// Validate _days to ensure it's within a safe and reasonable range

require(_days <= 365, "Deadline too far in the future"); // Example: max 1 year

deadline = block.timestamp + _days * 1 days;

emit DeadlineSet(deadline);

}

Proof Of Code:

Below are the test cases to validate this issue and simulate scenarios for extremely high _days values along with their respective outputs:

1. Arithmetic underflow or overflow test case:

Demonstrating if _days value gets underflow or overflow.

function testSetDeadlineOverflow() public {

uint256 maxDays = type(uint256).max / 1 days;

uint256 highDays = maxDays + 1;

uint256 reasonableDays = 365;

vm.prank(deployer);

cd.setDeadline(highDays);

uint256 expectedDeadline = block.timestamp + (reasonableDays * 1 days);

assertEq(cd.deadline(), expectedDeadline);

}

Output:

[FAIL: panic: arithmetic underflow or overflow (0x11)] testSetDeadlineOverflow() (gas: 14997)

2. Passing a High _days value that is valid but nonreasonable:

This test function will consider a very high value for _days which is valid but not a reasonable one that can be regarded as organizing an event (due to business logic, a deadline to get registered for an event can be to some extent, but not too long.)

function testSetHighNonReasonableDeadline() public {

uint256 maxDays = type(uint256).max

uint256 highDays = maxDays + 1;

uint256 HighNonReasonableDays = 11365;

vm.prank(deployer);

cd.setDeadline(HighNonReasonableDays);

uint256 expectedDeadline = block.timestamp + (HighNonReasonableDays * 1 days);

assertEq(cd.deadline(), expectedDeadline);

}

This test function will PASS, which means that the event's deadline can be set to be very high nonreasonable value, which isn't set according to the business logic of any event.

Output:

[PASS] testSetHighNonReasonableDeadline() (gas: 22325)

Updates

Lead Judging Commences

0xtimefliez Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

129

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.