`getActivePlayerIndex` returns misleading index for non-existent player
Summary
The function getActivePlayerIndex is designed to return the index of a player in an array. However, it exhibits a critical issue where searching for a non-existent player returns the same index (0) as the first player in the array. This behavior could lead to incorrect or misleading results when attempting to determine a player's position or existence within the array.
Vulnerability Details
The function getActivePlayerIndex iterates through the players array to find a player's index. If the player is found, it returns their index. However, if the player is not found, the function defaults to returning 0. This behavior is problematic because 0 is a valid index in the array (representing the first player). As a result, querying the index of a non-existent player erroneously indicates that they are the first player in the array.
Proof of Concept (PoC):
Impact
The incorrect return value when querying a non-existent player can lead to:
False positives when checking for a player's presence.
Potential logic errors in contract functions that rely on accurate index information.
Misleading results for end-users or other smart contracts interacting with this function.
Tools Used
manual revision
Recommendations
Consider use a different value for determining that user is not found
Lead Judging Commences
getActivePlayerIndex can say a player is both entered at slot 0 and inactive
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.