Beatland Festival

AI First Flight #4
Tags: Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Impact: medium
Likelihood: low
Invalid

No Maximum Limit on Performance Duration and Reward Amount

Root + Impact

Description

The `createPerformance()` function does not enforce maximum limits on its `duration` or `reward` parameters. The function checks that these values are greater than zero, but extremely large values could cause integer overflow in calculations or create unintended economic behavior.
Expected behavior: the function should validate that `duration` and `reward` fall within reasonable bounds to prevent edge cases and potential overflow issues.

```solidity
function createPerformance(
    uint256 startTime,
    uint256 duration,
    uint256 reward
) external onlyOrganizer returns (uint256) {
    require(startTime > block.timestamp, "Start time must be in the future");
    require(duration > 0, "Duration must be greater than 0"); // @> No maximum limit
    // @> No validation on reward amount

    performances[performanceCount] = Performance({
        startTime: startTime,
        endTime: startTime + duration, // @> Could overflow if duration is extremely large
        baseReward: reward // @> No maximum limit
    });
}
```


Risk

Likelihood:

* Organizer can set any duration and reward amount
* Accidental or malicious configuration of extreme values
* While Solidity 0.8.25 has overflow protection, extremely large values still cause issues

Impact:

* Potential integer overflow in `startTime + duration` calculation
* Unintended economic behavior with extremely large rewards
* Gas issues when processing large reward amounts
* Potential DoS if reward calculation exceeds gas limits

Proof of Concept

```solidity
// Organizer creates performance with extremely large duration
organizer.createPerformance(
    block.timestamp + 1,
    type(uint256).max, // Maximum possible duration
    1e30               // Extremely large reward
);
// endTime calculation: startTime + type(uint256).max
// Could cause issues in time-based checks
// Reward minting could exceed gas limits
```
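The following Foundry test is added here as an illustration; it is not part of the original submission or of the Beatland Festival codebase. It uses a hypothetical stand-in contract (`PerformanceScheduler`, constructed for this example, with a `bounded` switch that enables the limits from the recommended mitigation) to show what the PoC values actually do under Solidity 0.8.25: the unbounded `startTime + type(uint256).max` reverts with `Panic(0x11)` rather than wrapping, and the bounded version rejects both the extreme duration and the `1e30` reward while still accepting sane values.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.25;

import "forge-std/Test.sol";

// Hypothetical stand-in for the festival contract, constructed for this example only.
contract PerformanceScheduler {
    uint256 public constant MAX_DURATION = 365 days;
    uint256 public constant MAX_REWARD = 1_000_000e18;
    struct Performance { uint256 startTime; uint256 endTime; uint256 baseReward; }
    mapping(uint256 => Performance) public performances;
    uint256 public performanceCount;
    bool public immutable bounded; // true = recommended limits enforced

    constructor(bool _bounded) { bounded = _bounded; }

    function createPerformance(uint256 startTime, uint256 duration, uint256 reward) external returns (uint256) {
        require(startTime > block.timestamp, "Start time must be in the future");
        require(duration > 0, "Duration must be greater than 0");
        if (bounded) {
            require(duration <= MAX_DURATION, "Duration exceeds maximum");
            require(reward > 0, "Reward must be greater than 0");
            require(reward <= MAX_REWARD, "Reward exceeds maximum");
        }
        uint256 id = performanceCount++;
        // Checked arithmetic in 0.8.x: this addition reverts with Panic(0x11) on overflow.
        performances[id] = Performance(startTime, startTime + duration, reward);
        return id;
    }
}

contract CreatePerformanceBoundsTest is Test {
    function test_UnboundedExtremeDurationRevertsNotWraps() public {
        PerformanceScheduler s = new PerformanceScheduler(false);
        vm.expectRevert(stdError.arithmeticError); // Panic(0x11): no wrapped endTime is stored
        s.createPerformance(block.timestamp + 1, type(uint256).max, 1e30);
    }

    function test_BoundedRejectsExtremesAndAcceptsSaneValues() public {
        PerformanceScheduler s = new PerformanceScheduler(true);
        uint256 start = block.timestamp + 1;
        vm.expectRevert("Duration exceeds maximum");
        s.createPerformance(start, 366 days, 1e18);
        vm.expectRevert("Reward exceeds maximum");
        s.createPerformance(start, 1 days, 1e30);
        uint256 id = s.createPerformance(start, 1 days, 1e18);
        (, uint256 endTime,) = s.performances(id);
        assertEq(endTime, start + 1 days);
    }
}
```

Run with `forge test -vv` in a project that has forge-std installed.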

Recommended Mitigation

```diff
+uint256 constant MAX_DURATION = 365 days;
+uint256 constant MAX_REWARD = 1_000_000e18; // 1 million tokens
function createPerformance(
uint256 startTime,
uint256 duration,
uint256 reward
) external onlyOrganizer returns (uint256) {
require(startTime > block.timestamp, "Start time must be in the future");
require(duration > 0, "Duration must be greater than 0");
+ require(duration <= MAX_DURATION, "Duration exceeds maximum");
+ require(reward > 0, "Reward must be greater than 0");
+ require(reward <= MAX_REWARD, "Reward exceeds maximum");
// ...
}
```
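Review bot: the added checks bound `duration` but leave `startTime` unbounded, so `startTime + duration` can still revert for an absurdly large `startTime` (with Solidity 0.8.x checked arithmetic it panics rather than wraps); if the aim is a bounded `endTime`, consider also adding, e.g., `require(startTime <= block.timestamp + MAX_DURATION, "Start time too far ahead");`. Two smaller points: `MAX_REWARD = 1_000_000e18` hard-codes 18 token decimals, which should be stated or derived from the token, and the three `+ require(...)` lines carry a space after the `+` that the two `+uint256 constant` lines do not, which in a real patch becomes part of the inserted line.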
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 16 days ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
