BriVault

First Flight #52
Beginner Friendly, Solidity
100 EXP
Submission Details
Impact: medium
Likelihood: low
Invalid

Timestamp Comparison in joinEvent() Allows Joining At Event Start

The joinEvent() function reverts only when block.timestamp > eventStartDate, which means users can still join exactly when the event starts (block.timestamp == eventStartDate). The requirement states "users should not be able to deposit once the event starts," suggesting they should not be able to join at or after the start time.

Impact:

  • Users can join at the exact moment of event start

  • Violates stated requirement

  • Could allow last-second betting based on information

Proof of Concept:

    function testCanJoinExactlyAtEventStart() public {
        vm.startPrank(attacker);
        asset.approve(address(vault), 10000 * 10**18);
        vault.deposit(10000 * 10**18, attacker);
        vm.stopPrank();

        // Warp to exact event start time
        vm.warp(vault.eventStartDate());

        // This should fail but doesn't
        vm.prank(attacker);
        vault.joinEvent(0); // Succeeds when it shouldn't
    }
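The boundary the PoC exercises, as an added example (not BriVault's or the submitter's code): a Foundry test that pins the join decision one second before, exactly at, and one second after the start time, for both comparisons. JoinGate, its inclusive flag and START are hypothetical stand-ins; only the names eventStartDate, joinEvent and eventStarted come from the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for the vault's join gate; not BriVault's code.
contract JoinGate {
    error eventStarted();
    uint256 public immutable eventStartDate;
    bool public immutable inclusive; // true: the start timestamp itself is closed (>=)
    mapping(address => bool) public joined;

    constructor(uint256 start, bool inclusive_) {
        eventStartDate = start;
        inclusive = inclusive_;
    }

    function joinEvent() external {
        bool closed = inclusive
            ? block.timestamp >= eventStartDate
            : block.timestamp > eventStartDate;
        if (closed) revert eventStarted();
        joined[msg.sender] = true;
    }
}

contract JoinBoundaryTest is Test {
    uint256 constant START = 1_800_000_000; // constructed sample timestamp

    // Warps to ts and reports whether joinEvent() went through.
    function _joins(JoinGate gate, uint256 ts) internal returns (bool) {
        vm.warp(ts);
        try gate.joinEvent() { return true; } catch { return false; }
    }

    function testStrictComparisonAdmitsStartTimestamp() public {
        JoinGate gate = new JoinGate(START, false);
        assertTrue(_joins(gate, START - 1));
        assertTrue(_joins(gate, START)); // the case the submission reports
        assertFalse(_joins(gate, START + 1));
    }

    function testInclusiveComparisonClosesAtStart() public {
        JoinGate gate = new JoinGate(START, true);
        assertTrue(_joins(gate, START - 1));
        assertFalse(_joins(gate, START));
        assertFalse(_joins(gate, START + 1));
    }
}
```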

Mitigation:

Change the comparison to >=:

function joinEvent(uint256 countryId) public {
// ...
- if (block.timestamp > eventStartDate) {
+ if (block.timestamp >= eventStartDate) {
revert eventStarted();
}
// ...
}
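Review bot: the >= change on the block.timestamp line covers only joinEvent(), while the requirement quoted in the description is about depositing ("users should not be able to deposit once the event starts"). Confirm that the deposit path's start-time comparison uses the same inclusive boundary, otherwise the two entry points will disagree at block.timestamp == eventStartDate. The change should also land with a test that expects revert eventStarted() after vm.warp(vault.eventStartDate()), since the PoC above calls vault.joinEvent(0) without asserting anything.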
Updates

Appeal created

bube Lead Judge 19 days ago
Submission Judgement Published
Invalidated
Reason: Design choice
