performanceId
— Wasted Gas & Ambiguous ErrorsNormal behaviour: User calls attendPerformance(performanceId)
with an ID that exists.
Issue: The function does not check whether performanceId
is < performanceCount
. If the caller passes a random large number, the function fetches an empty struct (startTime == 0
) and reverts with "Performance is not active" after needless gas is spent.
Likelihood:
Accidental user error or malicious griefing transaction can trigger the revert at any time.
Impact:
Each failed call burns ~20k gas; miners profit, users lose ETH.
Error message ambiguous; front-end may mis-diagnose the problem.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.