Beatland Festival

First Flight #44
Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Impact: medium
Likelihood: low
Invalid

FestivalPass: No Pause or Emergency Stop Mechanism

Root + Impact

Description

  • The contract allows users to buy passes, attend performances, and redeem memorabilia at any time.

    • There is no mechanism for the owner or organizer to pause the contract in case of a discovered vulnerability, attack, or emergency.

    • If a bug or exploit is found, the only recourse is to upgrade or migrate the contract, which may not be possible or timely.

    • This increases the risk of loss of funds or NFTs in the event of an emergency.

// Root cause in the codebase with @> marks to highlight the relevant section

Risk

Likelihood:

  1. This will occur if a vulnerability is discovered after deployment.

  2. This will occur if an attack or exploit is detected.

  3. This will occur if there is a need to halt operations for maintenance or upgrades.

  4. This will occur if the contract is forked or reused without a pause mechanism.

Impact:

  1. Loss of funds or NFTs if an exploit is not stopped in time.

  2. Users may lose trust in the platform due to inability to respond to emergencies.

  3. The contract may require emergency migration or upgrade.

  4. Organizers may face legal or reputational consequences.

Proof of Concept

//need to modify

Recommended Mitigation

+ // Inherit OpenZeppelin's Pausable and add whenNotPaused modifiers to critical functions
+ // Allow owner or organizer to pause/unpause the contract in emergencies
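
Review bot: both added lines are comments, so the mitigation specifies no concrete change. The first line does not say which functions count as "critical", although the description names three user actions (buying passes, attending performances, redeeming memorabilia). The second line's "owner or organizer" leaves open which of the two roles may pause and unpause. Suggest listing the exact functions that would take whenNotPaused and naming a single pausing authority, so the added trust placed in that role can be weighed against the emergency-stop benefit.
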
Updates

Lead Judging Commences

inallhonesty Lead Judge 25 days ago
Submission Judgement Published
Invalidated
Reason: Design choice
