BriVault
First Flight #52
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Impact: low
Likelihood: medium
Invalid

Missing Reset Mechanism for _setWinner Prevents Contract Reuse

themilenkov

Description

  • The boolean _setWinner is permanently set to true in setWinner() and never reset. There is no mechanism to initiate a new event cycle (e.g., updating teams, starting a new round, or resetting the vault state).

  • If the contract is designed to host only one event, this is acceptable.
    However, if the vault is intended for multiple tournaments or rounds, _setWinner remaining true permanently disables subsequent calls to setWinner() Due to this guard:

if (_setWinner) revert WinnerAlreadySet();

This makes the vault single-use, forcing the owner to deploy a new contract for every event.

Risk

Likelihood:

  • High — occurs deterministically after the first setWinner() call.

Impact:

  • Contract cannot host multiple events after one winner is set.

Recommended Mitigation

+function resetEvent(
+ uint256 newStartDate,
+ uint256 newEndDate,
+ string[48] memory newCountries
+) external onlyOwner {
+ _setWinner = false;
+ eventStartDate = newStartDate;
+ eventEndDate = newEndDate;
+ delete winner;
+ delete winnerCountryId;
+ delete totalWinnerShares;
+ setCountry(newCountries);
+}
Updates

Appeal created

bube Lead Judge 20 days ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!