`RapBattle::_battle()` emits incorrect data on `Battle` event
Summary
The RapBattle::_battle() function potentially emits the Battle event with an incorrect winner due to a discrepancy in the winner determination logic.
Vulnerability Details
The RapBattle::battle() function's documentation and logic aim to determine the battle winner based on the comparison between a randomly generated number (random) and the defender's skill level (defenderRapperSkill). The comment within the function specifies the intended logic:
This logic is correctly implemented in the conditional check:
However, the event that announces the battle's outcome incorrectly calculates the winner using a strict less-than comparison (random < defenderRapperSkill), as shown below:
Impact
Consider a scenario where both random and defenderRapperSkill equal 65. According to the intended logic, the defender should emerge victorious. However, due to the erroneous comparison in the event emission, the system mistakenly declares the challenger as the winner. This discrepancy can lead to external systems misinterpreting the outcome of battles, affecting game dynamics and participant strategies.
Tools Used
Manual review.
Recommendations
To resolve this inconsistency, adjust the event emission logic to align with the documented and implemented winner determination criteria:
Lead Judging Commences
Contradictory battle result event
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.