Christmas Dinner

First Flight #31
Beginner Friendly · Foundry · Solidity
100 EXP
Submission Details
Severity: high
Invalid

Unauthorized Host Privileges Allow Fund Withdrawal Without Payment

Summary

Any address can mark itself as a participant by calling changeParticipationStatus without paying the required contribution. If the current host later promotes that address to host, it can withdraw the contract's entire balance, taking the funds that paying guests deposited.


Vulnerability Details

When an address that is not yet a participant calls changeParticipationStatus, the function sets that address to "participant" without checking that it has ever paid. Because eligibility for host privileges is gated only on participant status, an address that never paid becomes a valid candidate for promotion. If the current host then promotes it, the new host can withdraw all funds held by the contract without having contributed anything.


Impact

An attacker who is promoted to host can drain the entire contract balance without ever having paid. This is a direct loss of funds for the legitimate participants and undermines the trust model of the contract.


Tools Used

  • Foundry


Recommendations

  1. Require proof of payment in changeParticipationStatus: a caller should only be recorded in the participant mapping after successfully paying the required amount. This can be done by recording each address's contribution when it is received and checking that record before setting the status, or by making the opt-in itself payable so the contribution is transferred before the address is added to the mapping.
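The attack path described above and the recommended check, as an added Foundry sketch. This is not the audited contract's code: the contract below (DinnerSketch), its deposit, paid and requirePayment members, and the test addresses are assumptions built from the report's wording; changeParticipationStatus, the participant-gated host promotion and withdraw follow the behaviour the report describes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Illustrative sketch only, NOT the audited contract. State and function
// names are assumptions drawn from the report's wording.
contract DinnerSketch {
    address public host;
    uint256 public immutable deadline;
    bool public immutable requirePayment; // false: behaviour in the report, true: fix applied
    mapping(address => bool) public participant;
    mapping(address => uint256) public paid; // contribution record used by the fix

    error NotHost();
    error NotParticipant();
    error BeyondDeadline();
    error NoContribution();

    constructor(uint256 _deadline, bool _requirePayment) {
        host = msg.sender;
        deadline = _deadline;
        requirePayment = _requirePayment;
    }

    // Paying guests contribute and are enrolled.
    function deposit() external payable {
        if (block.timestamp > deadline) revert BeyondDeadline();
        paid[msg.sender] += msg.value;
        participant[msg.sender] = true;
    }

    // Opt in or out. With requirePayment == false any address opts in for free.
    function changeParticipationStatus() external {
        if (participant[msg.sender]) {
            participant[msg.sender] = false;
            return;
        }
        if (block.timestamp > deadline) revert BeyondDeadline();
        // Fix: only addresses with a recorded contribution may become participants.
        if (requirePayment && paid[msg.sender] == 0) revert NoContribution();
        participant[msg.sender] = true;
    }

    // Host promotion is gated only on participant status.
    function changeHost(address newHost) external {
        if (msg.sender != host) revert NotHost();
        if (!participant[newHost]) revert NotParticipant();
        host = newHost;
    }

    // The host can take the whole balance.
    function withdraw() external {
        if (msg.sender != host) revert NotHost();
        (bool ok, ) = host.call{value: address(this).balance}("");
        require(ok, "transfer failed");
    }
}

contract DinnerSketchTest is Test {
    address alice = makeAddr("alice");     // paying guest
    address mallory = makeAddr("mallory"); // never pays

    function _setup(bool hardened) internal returns (DinnerSketch d) {
        d = new DinnerSketch(block.timestamp + 1 days, hardened); // test contract is the host
        vm.deal(alice, 1 ether);
        vm.prank(alice);
        d.deposit{value: 1 ether}();
    }

    // The path the report describes: free opt-in, promotion, withdrawal.
    function test_UnpaidParticipantDrainsAfterPromotion() public {
        DinnerSketch d = _setup(false);
        vm.prank(mallory);
        d.changeParticipationStatus();
        d.changeHost(mallory);
        vm.prank(mallory);
        d.withdraw();
        assertEq(mallory.balance, 1 ether);
        assertEq(address(d).balance, 0);
    }

    // With the payment check, the free opt-in reverts and promotion is impossible.
    function test_HardenedRejectsUnpaidOptIn() public {
        DinnerSketch d = _setup(true);
        vm.prank(mallory);
        vm.expectRevert(DinnerSketch.NoContribution.selector);
        d.changeParticipationStatus();
        vm.expectRevert(DinnerSketch.NotParticipant.selector);
        d.changeHost(mallory);
    }
}
```

Run with forge test in a Foundry project that has forge-std installed. The toggle keeps both behaviours in one contract so the two tests can be compared side by side; in a real fix the check would be unconditional and the paid record would be written wherever contributions are received.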

Updates

Lead Judging Commences

0xtimefliez Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
