The set_deadline function fails to update the dealine_set flag to true after setting the deadline value. This creates a state inconsistency that could lead to multiple deadline changes despite program logic intended to prevent this behavior.
The function does initially check whether the deadline is already set via the following code, correctly returning an error if a deadline has already been set:
But if the dealine_set flag is never set to true after the fund creator sets the deadline, the creator is free to change the deadline practically whenever they want, disrupting the functioning of the protocol.
This vulnerability allows the fund creator to call set_deadline multiple times, changing the deadline value repeatedly. The creator could extend the deadline indefinitely when fundraising is slow.
Manual Review
Update the dealine_set flag in set_deadline after setting the deadline: