Missing proper functionality to update `battlesWon` field leads to loss of record of wins for every rapper
Summary
There is a field inside the IOneShot::RapperStats struct called battlesWon which should likely store the number of battles won by a particular rapper. However, there is no function in the OneShot contract that lets the RapBattle contract update this variable inside the rapperStats mapping.
Vulnerability Details
The OneShot::updateRapperStats function let's only the Streets contract update the rapperStats mapping. However, the RapBattle contract, where every battle happens, must also be provided a way to access the rapperStats mapping so that it can increment the battlesWon field by 1 at the end of every battle for the winner NFT.
Impact
There is no way to record number of wins of a rapper.
Tools Used
Foundry
Recommendations
Create a function inside OneShot contract to increment the battlesWon field stored inside the rapperStats mapping. Also, in order to provide a proper access control to this function, there might be a need for another state variable to hold the RapBattle contract's address along with a setter for this variable.
Lead Judging Commences
`battlesWon` is never updated
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.