joinEvent() uses a strict > comparison against eventStartDate, which allows participants to join exactly at the start timestamp. This creates a one-block window for late participation that may contradict the intended lifecycle.

Description

• In the joinEvent() function, the contract checks whether the current time is greater than the event start date before reverting:

This means if a transaction is executed at the exact second of eventStartDate, it will pass validation and allow new participants to join after the event has technically begun.

Such boundary-condition logic may cause fairness issues, enable last-moment joins, or break downstream assumptions (for example, total shares fixed before event start).

Risk

Likelihood:

Impact:

Fairness Risk: Users can still enter once the event has “started.”

• Inconsistent State: Lifecycle assumptions (e.g., locking participants at start) can be violated.

  
  

• Potential MEV Exploit: Attackers could front-run the first post-start block to sneak in additional entries.

Proof of Concept

The test passes (no revert), confirming the issue.

Recommended Mitigation

Update the time comparison to block joins at or after the event start: