Submission Details
Impact:
Likelihood:
Unintended Multiplier Logic
Description
Highest-tier pass always applies multiplier, regardless of actual usage.
function getMultiplier(address user) public view returns (uint256) {
@> if (balanceOf(user, BACKSTAGE_PASS) > 0) {
return 3; // 3x for BACKSTAGE
} else if (balanceOf(user, VIP_PASS) > 0) {
return 2; // 2x for VIP
} else if (balanceOf(user, GENERAL_PASS) > 0) {
return 1; // 1x for GENERAL
}
return 0; // No pass
}
Risk
Likelihood:
Only affects fairness. No direct financial exploit.
Impact:
Unfair reward distribution, economic imbalance.
Proof of Concept
function test_MultiplierExploit() public {
// User buys BACKSTAGE pass (3x multiplier)
buyPass(user, BACKSTAGE_PASS);
// User transfers pass to another address
vm.prank(user);
festivalPass.safeTransferFrom(user, address(0xdead), BACKSTAGE_PASS, 1, "");
// User still gets 3x multiplier without owning pass
uint256 multiplier = festivalPass.getMultiplier(user);
assertEq(multiplier, 3); // Still 3x!
}
Recommended Mitigation
Document behavior or implement pass-specific attendance.
Rewards breakdown
nSLOC
234This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.