First Flight #10: One Shot

First Flight #10

Beginner FriendlyFoundryNFT

100 EXP

View results

Previous Next

Submission Details

Severity: low

Invalid

Wrong starting base skill and missing checks for rapper's skill allow under-skilled rappers to go on stage

y0ng0p3

Summary

Wrong BASE_SKILL applied to rappers along with no checks for rapper skill about to go on stage to meet skill requirements leads to under-skilled rappers to go on stage.

Vulnerability Details

The documentation stipulates that :

A base skill of 50 is applied to all rappers in battle,...

But the BASE_SKILL in the codebase is set to 65

File src/RapBattle.sol

20: uint256 public constant BASE_SKILL = 65; // The starting base skill of a rapper

For a new rapper, the skill will be 65 - 5 - 5 - 5 = 50, which is enough to go on stage.
However, they normally could go on stage if the correct starting base skill of 50 was applied.
With this, the skill of a new rapper who didn't staked his RPR would be 50 - 5 - 5 - 5 = 35.
This is under the required skill (50) to go on stage for a battle.
There is not check for that. As a result, it allows rappers to go on stage even if they don't have enough skills.

Impact

Given the fact that the only way for rappers to improve their stats and earn CRED is by staking their RPR in Streets.sol, and also given the fact that there is no checks for _credBet to be greater than 0 (more info in my previous finding),
new rappers can go on stage without having enough skill and any CRED to bet.

Tools Used

Manual review

Recommendations

Applied the right starting base skill.

And add a check if rapper's skills meet BASE_SKILL requirement.

File src/RapBattle.sol

- 20: uint256 public constant BASE_SKILL = 65; // The starting base skill of a rapper

+ 20: uint256 public constant BASE_SKILL = 50; // The starting base skill of a rapper

File src/RapBattle.sol

function goOnStageOrBattle(uint256 _tokenId, uint256 _credBet) external {

+ require(getRapperSkill(_tokenId) >= BASE_SKILL, "RapBattle: Not enough skill");

if (defender == address(0)) {

defender = msg.sender;

defenderBet = _credBet;

defenderTokenId = _tokenId;

emit OnStage(msg.sender, _tokenId, _credBet);

oneShotNft.transferFrom(msg.sender, address(this), _tokenId);

credToken.transferFrom(msg.sender, address(this), _credBet);

} else {

// credToken.transferFrom(msg.sender, address(this), _credBet);

_battle(_tokenId, _credBet);

}

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Assigned finding tags:

Battle skill is 65 not 50

Rewards breakdown

nSLOC

201

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.