Beatland Festival

First Flight #44
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Impact: medium
Likelihood: high
Invalid

Inconsistent validation for Duration for creating a Performance

FestivalPass.sol:createPerformance does not check for duration of the performance properly

Description

The function FestivalPass.sol:createPerformance only checks that the duration is greater than zero. This means performances with an extremely short duration (e.g. 1 sec) are also allowed. Given the unpredictable timing of block confirmations, such a short window can result in:

  • Users being unable to participate or register attendance.

  • Increased risk of race conditions, where only one or few users succeed in interacting with the contract in time.

  • Potential DoS-style spamming of the platform with unusable events.

@> require(duration > 0, "Duration must be greater than 0");
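
The timing argument above, as an added model that is not part of the submission or of FestivalPass.sol: it counts how many block timestamps can fall inside a performance window. It assumes Ethereum mainnet's 12-second slots and that attendance is accepted only while start <= block.timestamp < start + duration; the function names are illustrative.

```python
# Added model, not code from the submission or from FestivalPass.sol.
# Assumption: attendance is accepted only while
#   start <= block.timestamp < start + duration
# Assumption: block timestamps are genesis + n * 12 s (Ethereum mainnet slots).
SLOT_SECONDS = 12


def block_timestamps_in_window(start, duration, slot=SLOT_SECONDS,
                               genesis=0, missed=frozenset()):
    """Timestamps of proposed blocks that fall inside the performance window.

    Slot numbers listed in `missed` produced no block.
    """
    if duration <= 0:
        raise ValueError("Duration must be greater than 0")
    n = max(0, -(-(start - genesis) // slot))  # first slot at or after start
    found = []
    while genesis + n * slot < start + duration:
        if n not in missed:
            found.append(genesis + n * slot)
        n += 1
    return found


def worst_case_blocks(duration, slot=SLOT_SECONDS):
    """Fewest in-window blocks over every alignment of start against the slots."""
    return min(len(block_timestamps_in_window(s, duration, slot))
               for s in range(slot))


def unusable_start_offsets(duration, slot=SLOT_SECONDS):
    """Start offsets (mod slot) for which no block timestamp is in the window."""
    return [s for s in range(slot)
            if not block_timestamps_in_window(s, duration, slot)]


if __name__ == "__main__":
    # Constructed durations: the 1-2 s cases from the report, one slot, 5 minutes.
    for d in (1, 2, 12, 300):
        print(f"duration={d:>3}s  worst-case blocks={worst_case_blocks(d):>2}  "
              f"dead start offsets={len(unusable_start_offsets(d))}/{SLOT_SECONDS}")
```

Under these assumptions a 1-second performance has no usable block for 11 of the 12 possible start alignments, and even a 12-second one has none if its single slot is missed.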

Risk

Likelihood:

  • In a blockchain environment where transactions are confirmed with delays, short durations are inherently prone to race conditions or failures for participants.

  • It is very easy for an organizer (malicious or negligent) to create a performance with a duration of 1–2 seconds.

Impact:

  • Performances lasting for 1 or 2 seconds could make it impossible for most users to interact.

  • Malicious organizers could create many ultra-short performances that clog up event listings without offering meaningful participation opportunities.

Proof of Concept

Recommended Mitigation

Add a threshold for both the minimum and maximum allowed duration of any performance.

- require(duration > 0, "Duration must be greater than 0");
+ require( duration >= 300 && duration <= 10 days,"Duration must be between 5 minutes and 10 days");
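
Review bot: the lower bound on the + line is the bare literal 300 while the upper bound uses the unit form 10 days; write both with Solidity time units (5 minutes and 10 days) or as named constants, so the limits and the revert string "Duration must be between 5 minutes and 10 days" cannot drift apart. The chosen limits are a policy decision that the report does not justify, so a comment next to the check should record why these values were picked. The spacing in "require( duration" and after the comma also differs from the removed line's style.
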
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
