-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathPrivateClub.sol
76 lines (62 loc) · 2.51 KB
/
PrivateClub.sol
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.8.0;
import '@openzeppelin-08/access/Ownable.sol';
import '@openzeppelin-08/utils/ReentrancyGuard.sol';
contract PrivateClub is ReentrancyGuard, Ownable {
uint256 private registerEndDate;
event setRegEndDate(uint256 registerEndDate);
event memberWithdrawevent(address member, address to, uint256 amount);
address[] public members_;
mapping(address => bool) public members;
constructor(address _initialOwner) Ownable(_initialOwner) {}
receive() external payable {}
uint256 public membersCount;
// @audit The owner can set the registration end date and prevent users to become members.
function setRegisterEndDate(uint256 _newRegisterEndDate) external onlyOwner {
registerEndDate = _newRegisterEndDate;
emit setRegEndDate(registerEndDate);
}
// @audit There's no check of the members list. A malicous actor could craft a members list that
// only contains its address to become a member without paying any ether.
function becomeMember(
address[] calldata _members
) external payable nonReentrant {
require(block.timestamp < registerEndDate, 'registration closed');
require(_members.length == membersCount, 'wrong members length');
require(msg.value == membersCount * 1 ether, 'need more ethers');
bool success;
for (uint256 i = 0; i < _members.length; i++) {
(success, ) = _members[i].call{value: 1 ether}('');
require(success, 'Low-level call failed');
}
membersCount += 1;
members[msg.sender] = true;
members_.push(msg.sender);
}
modifier onlyMember() {
bool member;
for (uint256 i = 0; i < membersCount; i++) {
if (members_[i] == msg.sender) {
member = true;
}
}
require(member == true, 'you are not a member');
_;
}
// @audit The owner of the contract can withdraw all the funds.
function adminWithdraw(address to, uint256 amount) external onlyOwner {
(bool success, ) = payable(to).call{value: amount}('');
require(success, 'Low-level call failed');
}
// @audit The owner can add any member for free and after the registration has closed.
function addMemberByAdmin(address newMember) external onlyOwner {
membersCount += 1;
members[newMember] = true;
members_.push(newMember);
}
// @audit Any member can become a new owner by sending 10 ether to the contract.
function buyAdminRole(address newAdmin) external payable onlyMember {
require(msg.value == 10 ether, 'need 10 ethers');
_transferOwnership(newAdmin);
}
}