Submission Details
Severity:
Player's recognition at index 0 is missing.
Summary
getActivePlayerIndex is not able to recognize (active | not active) player at index 0.
Vulnerability Details
getActivePlayerIndex
function getActivePlayerIndex(address player) external view returns (uint256) {
for (uint256 i = 0; i < players.length; i++) {
if (players[i] == player) {
return i;
}
}
return 0; // 👈 due to this, If a player is not active then return 0, is the issue for player who actually exists at index 0 in players array.
}
Impact
This will mislead players who wanted to know their index.
Tools Used
Manual review
Recommendations
We can return a -1 for inactive players as we expect a unsigned integer value to retrieve a player's address from players array and upto my knowing last value can't be retrieved using -1 from an array in solidity?!. So, That will not raise any issue.
take a look on a solution...👇
getActivePlayerIndex fixed
// @return the index of the player in the array, if they are not active, it returns -1
function getActivePlayerIndex(address player) external view returns (int256) {
for (uint256 i = 0; i < players.length; i++) {
if (players[i] == player) {
return int256(i);
}
}
return -1;
}
Updates
Lead Judging Commences
Hamiltonite about 2 years ago
Submission Judgement Published Assigned finding tags:
getActivePlayerIndex can say a player is both entered at slot 0 and inactive
Rewards breakdown
nSLOC
143This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.