Beatland Festival
First Flight #44
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Previous Next
Submission Details
Impact: low
Likelihood: low
Invalid

`IFestivalPass:FundsWithdrawn` natspec is incorrect

lighterret

IFestivalPass:FundsWithdrawn natspec is incorrect

Description

  • The natspec for IFestivalPass:FundsWithdrawn and a comment above FestivalPass:withdraw says that the organizer withdraws the fees. However, the README.md says it's the owner. Also the owner is the user who can actually call the FestivalPass:withdraw function.

  • Clarification from the team would be great, but for this I'll follow the README.md and the implementation of FestivalPass:withdraw and assume the owner should be the user to withdraw funds.

In IFestivalPass:

/**
@> * @notice Emitted when the organizer withdraws collected funds
@> * @param organizer Address of the organizer
* @param amount Amount of ETH withdrawn
*/
@> event FundsWithdrawn(address indexed organizer, uint256 amount);

In FestivalPass:

@> // Organizer withdraws ETH
function withdraw(address target) external onlyOwner {

Recommended Mitigation

  • The natspec, event and comment should be updated to show that the owner is who can withdraw funds

In IFestivalPass:

/**
+ * @notice Emitted when the owner withdraws collected funds
+ * @param target Address of the target address to receive funds
* @param amount Amount of ETH withdrawn
*/
+ event FundsWithdrawn(address indexed target, uint256 amount);

In FestivalPass:

- // Organizer withdraws ETH
+ // Owner withdraws ETH
function withdraw(address target) external onlyOwner {
Updates

Lead Judging Commences

inallhonesty Lead Judge 29 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.