`fund.dealine_set` is never set to `true` after fund's deadline is set
Summary
Inside the set_deadline function fund.dealine_set is never set to true although fund's deadline is set.
Vulnerability Details
Inside the set_deadline function, fund's creator can set fund's deadline as many times as he wishes, although the idea is to be able to set it only once. This issue happens, because fund.dealine_set is never set to true when fund's deadline is set.
Impact
Since the fund's creator is able to set fund's deadline as many times as he wishes to whatever he wishes, fund's creator is able to set fund's deadline to some past timestamp, essentially ending the conribution campaign for the fund immediately. This leaves contributors no chance of taking their contributions back by calling refund function, because the contribution campaign for the fund is already over and they had no chance to react to fund's creator setting the deadline to some past timestamp in any way. This way, fund's creator essentially scams contributors and steals their contributions. This issue makes the refund function totally useless.
Tools Used
Manual Review
Recommendations
fund.dealine_set should be set to true when the fund.deadline is set inside the set_deadline function:
Appeal created
Deadline set flag is not updated in `set_deadline` function
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.