```RapBattle::BASE_SKILL``` incorrect starting base skill value of a rapper
Summary
The RapBattle::BASE_SKILL is defined in the code with a value of 65, which is intended to represent the starting base skill of a rapper. However, according to the provided documentation, the expected value for BASE_SKILL should be 50 (as written in the docs "Users can put their Cred on the line to step on stage and battle their Rappers. A base skill of 50 is applied to all rappers in battle, and this is modified by the properties the rapper holds."). This discrepancy between the implemented value and the documented value lead to unintended behavior in the smart contract's logic, particularly in the calculation of rapper skills during battles.
Vulnerability Details
The vulnerability arises from the hard-coded value of BASE_SKILL being set to 65 instead of the documented value of 50. This inconsistency can affect the balance and fairness of the rap battles, as the base skill level plays a crucial role in determining the outcome of battles. The calculation of a rapper's skill, which influences the battle's winner, relies on this base value, and thus, an incorrect base skill value can lead to skewed results.
Impact
The impact of this vulnerability includes:
Unfair Battle Outcomes: participants might face unfair conditions during battles which could favor certain outcomes over others.
Economic Implications: since battles involve betting of credToken, incorrect battle outcomes could lead to unjust distribution of tokens
Tools Used
Manual review
Recommendations
Edit the BASE_SKILL value in the code.
Lead Judging Commences
Battle skill is 65 not 50
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.