First Flight #10: One Shot
First Flight #10
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

High winning chances due to wrong base skill value

ayakd

Summary

A base skill of 65 is applied to all rappers but according to the documentation it's supposed to be 50.

Vulnerability Details

In the RapBattle contract we have:

uint256 public constant BASE_SKILL = 65; // The starting base skill of a rapper

RappBattle::BASE_SKILL is used to evaluate a rapper's finalSkill according to RapBattle::getRapperSkill()

function getRapperSkill(uint256 _tokenId) public view returns (uint256 finalSkill) {
IOneShot.RapperStats memory stats = oneShotNft.getRapperStats(_tokenId);
finalSkill = BASE_SKILL;
if (stats.weakKnees) {
finalSkill -= VICE_DECREMENT;
}
if (stats.heavyArms) {
finalSkill -= VICE_DECREMENT;
}
if (stats.spaghettiSweater) {
finalSkill -= VICE_DECREMENT;
}
if (stats.calmAndReady) {
finalSkill += VIRTUE_INCREMENT;
}
}

And the bigger the defender's skills, the bigger his chance to win:

// If random <= defenderRapperSkill -> defenderRapperSkill wins, otherwise they lose
if (random <= defenderRapperSkill) {
// We give them the money the defender deposited, and the challenger's bet
credToken.transfer(_defender, defenderBet);
credToken.transferFrom(msg.sender, _defender, _credBet);
} else {
// Otherwise, since the challenger never sent us the money, we just give the money in the contract
credToken.transfer(msg.sender, _credBet);
}

Impact

  • Loss of fund as defenders will have bigger chances to win

Tools Used

Manual review

Recommendations

Fix the value of RapBattle::BASE_SKILL

uint256 public constant BASE_SKILL = 50; // The starting base skill of a rapper
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

Battle skill is 65 not 50

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.