Submission Details
Severity:
Incorrect logic used to get the RapperSkills in ```RapBattle::getRapperSkills```
Summary
The protocol uses the incorrect logic compared to the one that is specified in the docs, the docs mentioned the value be added rather it is subtracted
Vulnerability Details
We can see here that the code didnt follow the docs and rather used to subtract
```javascript
function getRapperSkill(uint256 _tokenId) public view returns (uint256 finalSkill) {
IOneShot.RapperStats memory stats = oneShotNft.getRapperStats(_tokenId);
finalSkill = BASE_SKILL;
if (stats.weakKnees) {
finalSkill -= VICE_DECREMENT;
}
if (stats.heavyArms) {
finalSkill -= VICE_DECREMENT;
}
if (stats.spaghettiSweater) {
finalSkill -= VICE_DECREMENT;
}
if (stats.calmAndReady) {
finalSkill += VIRTUE_INCREMENT;
}
}
```
Impact
This gives the wrong skill value of the rapper which when divided by the random number will result in an incorrect value which is used to pick an incorrect winner
Tools Used
Manual Review
Recommendations
function getRapperSkill(uint256 _tokenId) public view returns (uint256 finalSkill) {
IOneShot.RapperStats memory stats = oneShotNft.getRapperStats(_tokenId);
finalSkill = BASE_SKILL;
- if (stats.weakKnees) {
- finalSkill -= VICE_DECREMENT;
+ if (!stats.weakKnees) {
+ finalSkill += VICE_DECREMENT;
}
- if (stats.heavyArms) {
- finalSkill -= VICE_DECREMENT;
+ if (!stats.heavyArms) {
+ finalSkill += VICE_DECREMENT;
}
- if (stats.spaghettiSweater) {
- finalSkill -= VICE_DECREMENT;
+ if (!stats.spaghettiSweater) {
+ finalSkill += VICE_DECREMENT;
}
}
if (stats.calmAndReady) {
finalSkill += VIRTUE_INCREMENT;
}
}
Updates
Rewards breakdown
nSLOC
201This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.