Beginner FriendlyFoundryNFT
100 EXP
View results
Submission Details
Severity: low
Invalid

Defender can 'withdraw' from stage at no risk by battling themself

Summary

A defender can withdraw from the stage at any time.

Vulnerability Details

A defender can at any point, call RapBattle:goOnStageOrBattle() to battle themself. Whether they win or lose, the outcome will be the same, the risked ERC20 tokens will be transferred back to the user, as will their nft.

Impact

This vulnerability allows a defender to withdraw from the stage at 0 risk to their bet.

Tools Used

Manual Review

Recommendations

Add a check to RapBattle:_battle() to prevent a user from battling themself - require(_defender != msg.sender, "User can not battle themself!")

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
0xKowalski Submitter
over 1 year ago
inallhonesty Lead Judge
over 1 year ago
inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

It's YOU vs YOU

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.