Malicious defenders can force challengers to waste gas for 0 rewards.
RapBattle:goOnStageOrBattle()
allows a _credBet
of 0, enabling defenders to force challengers into pointless battles.
A malicious user becomes a defender with a a _credBet
value of 0.
A legitimate user wishes to battle, however they notice that they will receive no reward by winning the battle.
If the user wants to be able to battle for rewards in the future, they must defeat the defender anyway, otherwise no other legitimate user will be able to become the defender.
Malicious users can force challengers to waste gas battling for 0 potential rewards. The defender needs to be removed before a legitimate user can replace them.
Manual Review.
Prevent zero _credBet
in RapBattle:goOnStageOrBattle()
with require(_credBet>0);
.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.