Submission Details
Severity:
Bad equality in the emission of the event `RapBattle::Battle` might return wrong values
Summary
Bad equality in the emission of the event RapBattle::Battle might return wrong values
Vulnerability Details
Inside the function RapBattle::_battle we have the following snippet:
.
.
.
emit Battle(
msg.sender,
_tokenId,
random < defenderRapperSkill ? _defender : msg.sender
);
// If random <= defenderRapperSkill -> defenderRapperSkill wins, otherwise they lose
if (random <= defenderRapperSkill) {
// We give them the money the defender deposited, and the challenger's bet
credToken.transfer(_defender, defenderBet);
credToken.transferFrom(msg.sender, _defender, _credBet);
} else {
// Otherwise, since the challenger never sent us the money, we just give the money in the contract
credToken.transfer(msg.sender, _credBet);
}
.
.
.
As you can see, if the value of random and defenderRapperSkill are the same, the event emits that the winner is the attacker(msg.sender). However, when giving the rewards, if those variables are equal, the rewards are sent to the defender!
Impact
The event might emit wrong information
Tools Used
Manual Review
Recommendations
Use <= instead of < inside the emit command :
emit Battle(
msg.sender,
_tokenId,
+ random <= defenderRapperSkill ? _defender : msg.sender
- random < defenderRapperSkill ? _defender : msg.sender
);
Updates
Lead Judging Commences
inallhonesty over 1 year ago
Submission Judgement Published Assigned finding tags:
Contradictory battle result event
Rewards breakdown
nSLOC
201This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.