Submission Details
Severity:
getActivePlayerIndex returns 0 - incorrect player index will be returned
Summary
the function should not return 0 if no player is found, cause it's the index of the first player
Vulnerability Details
index 0 is the first element of the players array, not a falsy return
Impact
if the function is called and a player doesn't exist, it will return the 1st player, instead of saying that the player doesn't exist
Tools Used
hardhat
Recommendations
the function should revert tx or return false for example and then revert. But the much better way is to use a mapping for players, it would make thing much more cleaner and cheaper and better in all senses
function getActivePlayerIndex(address player) external view returns (uint256) {
for (uint256 i = 0; i < players.length; i++) {
if (players[i] == player) {
return i;
}
}
- return 0;
}
function getActivePlayerIndex(address player) external view returns (uint256) {
for (uint256 i = 0; i < players.length; i++) {
if (players[i] == player) {
return i;
}
}
+ revert('Player not found');
}
Updates
Lead Judging Commences
Hamiltonite about 2 years ago
Submission Judgement Published Assigned finding tags:
getActivePlayerIndex can say a player is both entered at slot 0 and inactive
Rewards breakdown
nSLOC
143This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.