Deadline Set Flag Not Updated in set_deadline Function
Summary
In the set_deadline function, after updating the deadline, the flag meant to indicate that the deadline has been set (deadline_set) is not updated. This omission may lead to unintended behavior regarding the campaign state and subsequent contribution validations.
Vulnerability Details
The set_deadline function is intended to lock in a deadline for the fundraising campaign. A flag (currently misnamed as dealine_set) should be set to true once the deadline is established, preventing further modifications and ensuring that contributions are only accepted when a valid deadline is present. However, the code only updates the deadline field without setting the flag, leaving it in its default state (false). This gap could allow contributions to be processed even when a deadline has not been confirmed, thereby undermining the intended logic.
Impact
The campaign might incorrectly accept contributions even if a valid deadline hasn’t been confirmed, leading to potential fund mismanagement.
Subsequent logic that relies on the flag to enforce contribution conditions may fail, causing inconsistencies in the contract's behavior.
It can compromise trust in the crowdfunding mechanism, as the state of the campaign may not accurately reflect its configured rules.
Tools Used
Manual code review
Static analysis of contract logic
Recommendations
Update the set_deadline function to set the deadline_set flag to true after successfully setting the deadline. For example:
Consider renaming the variable from
dealine_settodeadline_setfor clarity and consistency throughout the codebase.
Appeal created
Deadline set flag is not updated in `set_deadline` function
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.