Beatland Festival

First Flight #44

Beginner FriendlyFoundrySolidityNFT

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

Missing collection status management prevents activation of inactive memorabilia collections

anchabadze

Description:

The createMemorabiliaCollection() function allows organizers to set the initial isActive status through the activateNow parameter, which determines whether the collection can be redeemed immediately. However, the contract lacks any function to modify the isActive status after collection creation. This means collections created with activateNow = false become permanently unredeemable, as the redeemMemorabilia() function requires collection.isActive to be true. The missing status management functionality creates dead collections that can never be activated, regardless of organizer intentions or changing circumstances.

Attack path:

Organizer creates a memorabilia collection with activateNow = false for planned future release
Collection is successfully created and stored with isActive = false
Users earn BEAT tokens through festival attendance expecting to redeem from this collection
When organizer decides to release the collection, they discover no function exists to change isActive status
Users attempt to redeem memorabilia using redeemMemorabilia(collectionId)
Transaction reverts with "Collection not active" despite collection existing and having available supply
Collection becomes permanently unredeemable with no recovery mechanism available

Impact:

Collection becomes permanently unredeemable with no recovery mechanism available

BEAT tokens earned for unredeemable collections become worthless for their intended purpose

Recommended Mitigation:

Add a function to allow organizers to toggle collection status after creation

function toggleCollectionStatus(uint256 collectionId, bool newStatus) external onlyOrganizer {

require(collections[collectionId].priceInBeat > 0, "Collection does not exist");

collections[collectionId].isActive = newStatus;

emit CollectionStatusChanged(collectionId, newStatus);

}

event CollectionStatusChanged(uint256 indexed collectionId, bool isActive);

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 month ago

Submission Judgement Published

Validated

Assigned finding tags:

createMemorabiliaCollection with isActive false for later usage - flow not properly implemented.

Low because an organizer can use it with active = true and organizer is trusted.

Rewards breakdown

nSLOC

234

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.