Battle winner deciding logic gives advantage to the defender
Summary
In RapBattle.sol, if 'random == defenderRapperSkill' the defender should lose, but they win instead.
Vulnerability Details
Let's use a example for this issue: if defenderRapperSkill = 60 and challengerRapperSkill = 40 then totalBattleSkill = 100. The random number can go from 0 to 99 (100 differentes possibilities in total). For defender to win, values from 0 to 59 (60 possibilities out of 100) are valid; values from 60 to 99 (40 possibilities out of 100) should make the challenger win.
However, 'if (random <= defenderRapperSkill)' makes defender win when random = 60, giving the defender 61% chances to win against 39% for the challenger.
Impact
High impact. All the battle will be disputed with an additional advantage for the defender, which may lead to a victory for the wrong player.
Tools Used
Manual review
Foundry testing
Recommendations
Change the logic of that line if (random <= defenderRapperSkill) {
to
if (random < defenderRapperSkill) {
Lead Judging Commences
Defender's advantage
Defender's advantage
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.