Submission Details
Severity: low
Valid

Event can publish false results

Summary

The winner reported in the event that publishes a battle's result can differ from the actual winner of that battle, so the emitted events and the real outcomes do not always match.

Vulnerability Details

In rapBattle.sol::_battle, the outcome of a battle is determined twice:

  • once to generate an event

  • once to determine who should receive the prize of the battle

These two checks differ, however: one uses an inclusive comparison (<=) and the other a strict one (<).
The check that generates the event is:

emit Battle(msg.sender, _tokenId, random < defenderRapperSkill ? _defender : msg.sender)

while the check that determines who receives the prize is:

if (random <= defenderRapperSkill)

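In the edge case where random is equal to defenderRapperSkill, the two checks return opposite outcomes: the strict comparison in the event is false, so the event reports msg.sender as the winner, while the inclusive comparison in the prize check is true.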

Impact

If the events are used for logging the outcomes of battles, there is a potential mismatch between the published results, via the event mechanism, and the actual winner, represented by the NFT owner that receives the prize.

Tools Used

Manual review, VSCode

Recommendations

The two checks should use the same comparison, either both inclusive or both strict.
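
One way to apply this recommendation, shown as an added example that is not the project's own code: the two reported comparisons side by side, then a version that decides the winner once and reuses it for both the event and the payout. The contract name, function names and the event's parameter types are hypothetical, and the example assumes the `random <= defenderRapperSkill` branch is the one that pays the defender.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the RapBattle contract. All names here are
// hypothetical; only the two comparisons are taken from the finding.
// Assumption: the `random <= defenderRapperSkill` branch pays the defender.
contract BattleOutcomeSketch {
    // Constructed declaration matching the three arguments of the emit in the report.
    event Battle(address indexed challenger, uint256 tokenId, address indexed winner);

    // As reported: the event picks its winner with a strict comparison.
    function eventWinner(uint256 random, uint256 defenderRapperSkill, address defender, address challenger)
        public pure returns (address)
    {
        return random < defenderRapperSkill ? defender : challenger;
    }

    // As reported: the prize branch uses an inclusive comparison.
    function prizeWinner(uint256 random, uint256 defenderRapperSkill, address defender, address challenger)
        public pure returns (address)
    {
        return random <= defenderRapperSkill ? defender : challenger;
    }

    // True only when random == defenderRapperSkill and the two addresses differ:
    // the single input on which the log and the payout disagree.
    function mismatch(uint256 random, uint256 defenderRapperSkill, address defender, address challenger)
        external pure returns (bool)
    {
        return eventWinner(random, defenderRapperSkill, defender, challenger)
            != prizeWinner(random, defenderRapperSkill, defender, challenger);
    }

    // Hardened form: one comparison, one `winner` variable, used for both
    // the event and the payout so they cannot drift apart again.
    // `<=` is chosen here so the existing prize behaviour is unchanged.
    function resolve(uint256 tokenId, uint256 random, uint256 defenderRapperSkill, address defender)
        external returns (address winner)
    {
        winner = random <= defenderRapperSkill ? defender : msg.sender;
        emit Battle(msg.sender, tokenId, winner);
        // The prize transfer would follow here, keyed on the same `winner`.
    }
}
```

A regression test for the fix only needs the tie input (random equal to defenderRapperSkill) and an assertion that the address in the emitted event equals the address that receives the prize.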

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Contradictory battle result event
