First Flight #10: One Shot
First Flight #10
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

There can be a discrepancy between the winner parameter in the `Battle` event in `RapBattle.sol` and the actual winner determined by the function's logic.

dimah7

Vulnerability Details

In the Battle event the winner parameter is checked with ternary operator:

random < defenderRapperSkill ? _defender : msg.sender

However this check differs from the function's logic:

if (random <= defenderRapperSkill) {
// We give them the money the defender deposited, and the challenger's bet
credToken.transfer(_defender, defenderBet);
credToken.transferFrom(msg.sender, _defender, _credBet);
}

As can be seen, if the random parameter is equal to defenderRapperSkill the cred tokens will be transfered to the defender, but the winner parameter in the event will be emitted as msg.sender i.e the challenger.

Impact

This discrepancy can lead to a confusion and misinterpretation of the event data to the external observers, as the emitted winner address doesn't align with the actual winner in such case.

Tools Used

Manual Review

Recommendations

Fix the ternary operator check in the Battle event:

- emit Battle(msg.sender, _tokenId, random < defenderRapperSkill ? _defender : msg.sender);
+ emit Battle(msg.sender, _tokenId, random <= defenderRapperSkill ? _defender : msg.sender);
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Contradictory battle result event

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.