Christmas Dinner
First Flight #31
Beginner FriendlyFoundrySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

M3 - Attendees Paying by Ether Do Not Receive Participation Status

xmrsaifx

Summary

The receive function allows attendees to send Ether payments, but it does not update their participation status. As a result, Ether-paying attendees remain unregistered as participants, potentially causing issues with event attendance tracking and logistics.

Vulnerability Details

The receive function credits the sender's Ether balance but does not set their participant status to true. This leads to inconsistent tracking of participants, as attendees who pay with other tokens (e.g., WETH, USDC) are correctly marked as participants, while Ether-paying attendees are not.

Affected Code

receive() external payable {
etherBalance[msg.sender] += msg.value;
emit NewSignup(msg.sender, msg.value, true);
}

Impact

  • Ether-paying attendees are not recognized as participants, leading to inaccurate participant records.

  • Event logistics and resource allocation may be negatively impacted due to untracked Ether-paying attendees.

Steps to Reproduce

  • Deploy the contract containing the receive function.

  • Send Ether to the contract using an account.

  • Check the participant status of the account; observe that it is not updated to true.

Tool Used

  • Manual Review

Recommendations

Update the receive function to assign the participant status to attendees who pay with Ether.

Updates

Lead Judging Commences

0xtimefliez Lead Judge 8 months ago
Submission Judgement Published
Validated
Assigned finding tags:

receive does not update participation status

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.