M2 - Host can keep extending the deadline indefinitely.
Summary
The setDeadline function allows the host to repeatedly extend the event deadline. Although the deadlineSet variable is intended to restrict multiple extensions, it is not updated after the deadline is initially set, enabling the host to call the function multiple times and manipulate the event timeline.
Vulnerability Details
The setDeadline function lacks a mechanism to persistently lock the deadline once it has been set. As a result, the host can repeatedly invoke this function to extend the event deadline indefinitely, which could disrupt event scheduling and create trust issues among participants.
Affected Code:
Impact
The host can exploit this vulnerability to continuously delay the event.
Participants may lose trust in the event's credibility due to the uncertainty of the timeline.
Repeated deadline changes could disrupt planning for both participants and the event organizers.
Steps to Reproduce
Deploy the smart contract containing the
setDeadlinefunction.As the host, call the
setDeadlinefunction with a valid_daysparameter.Observe that the deadline is updated without any mechanism to restrict multiple updates.
Tools Used
Manual Review
Foundry Framework
Recommendations
Update the deadlineSet variable after the deadline is initially set to ensure that the function cannot be called more than once.
Lead Judging Commences
deadline is never set to true
deadline is never set to true
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.