Submission Details
Impact:
Likelihood:
Multiple emissions in `FestivalPass` occur after the effect
Multiple emissions in FestivalPass occur after the effect
Description
-
Functions in
FestivalPassemit events when critical or important states are updated. -
However there are multiple functions that emit their event after the effect is done. They are
FestivalPass:attendPerformanceandFestivalPass:redeemMemorabilia. It's best practice to follow CEI. -
Note that the emission in
FestivalPass:buyPassis addressed in the issue: "Reentrancy attack inFestivalPass:buyPassallows entrant to buy unlimited festival passes"
Recommended Mitigation
// Attend a performance to earn BEAT
function attendPerformance(uint256 performanceId) external {
require(isPerformanceActive(performanceId), "Performance is not active");
require(hasPass(msg.sender), "Must own a pass");
require(!hasAttended[performanceId][msg.sender], "Already attended this performance");
require(block.timestamp >= lastCheckIn[msg.sender] + COOLDOWN, "Cooldown period not met");
hasAttended[performanceId][msg.sender] = true;
lastCheckIn[msg.sender] = block.timestamp;
uint256 multiplier = getMultiplier(msg.sender);
+ emit Attended(msg.sender, performanceId, performances[performanceId].baseReward * multiplier);
BeatToken(beatToken).mint(msg.sender, performances[performanceId].baseReward * multiplier);
- emit Attended(msg.sender, performanceId, performances[performanceId].baseReward * multiplier);
...
// Redeem a memorabilia NFT from a collection
function redeemMemorabilia(uint256 collectionId) external {
MemorabiliaCollection storage collection = collections[collectionId];
require(collection.priceInBeat > 0, "Collection does not exist");
require(collection.isActive, "Collection not active");
require(collection.currentItemId < collection.maxSupply, "Collection sold out");
// Burn BEAT tokens
BeatToken(beatToken).burnFrom(msg.sender, collection.priceInBeat);
// Generate unique token ID
uint256 itemId = collection.currentItemId++;
uint256 tokenId = encodeTokenId(collectionId, itemId);
// Store edition number
tokenIdToEdition[tokenId] = itemId;
// Mint the unique NFT
+ emit MemorabiliaRedeemed(msg.sender, tokenId, collectionId, itemId);
_mint(msg.sender, tokenId, 1, "");
-
- emit MemorabiliaRedeemed(msg.sender, tokenId, collectionId, itemId);
}
}
Rewards breakdown
nSLOC
234This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.