b0g0_ctf - deposit function always sets user deposit to the current deposit #27
Labels
bug
Something isn't working
Comments
|
This is an issue from the incorrect initial version of the CTF(technical error on my side) . I decided those would also get awarded, since it's fair to do so. Your submission is valid and you're the first one to submit it, so you'll get a reward |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Bug in deposit() function
Description of bug:
In the deposit() function, if a user deposits multiple times, only the first deposit is correctly recorded. Subsequent deposits are not properly accumulated, resulting in only the first deposit being withdrawable. This oversight causes issues when users attempt to withdraw their additional deposits, leading to reversion errors and locked funds.
Impact
Due to this bug, users who make multiple deposits will experience issues withdrawing their funds beyond the initial deposit. The failure to properly accumulate the deposit values causes the contract to lock the additional funds, making them inaccessible and resulting in a poor user experience.
Solution
To resolve this issue, modify the deposit handling logic from
deposits[msg.sender] = msg.valuetodeposits[msg.sender] += msg.value. This adjustment ensures that each new deposit is added to the existing balance, allowing users to withdraw their total deposited amount accurately.The text was updated successfully, but these errors were encountered: