Beginner Friendly · Foundry · NFT
100 EXP
Submission Details
Severity: medium
Valid

`increaseValuesOfParticipants()` is a risk-free function

Summary

`increaseValuesOfParticipants()` places no restriction on the two tokenIds passed as parameters beyond requiring that they exist.

So, the following situations are possible:

  • the same tokenId for both parameters

  • two NFTs that the caller controls through different accounts

In both situations the caller owns whichever participant the random outcome favours, so the caller always wins.

Impact

`increaseValuesOfParticipants()` is risk-free for the caller: they can always set up a battle whose every outcome benefits them, while honest participants rely on the random outcome.

POC

Add the following test to test/Dussehra.t.sol (it relies on the existing `participants` modifier, under which `player1` holds tokenId 0; `selectedRam` is a public state variable, so it is read through its getter):

```solidity
function test_sameParamsAlwaysWin() public participants {
    // player1 calls increaseValuesOfParticipants(0, 0) 5 times: whichever side the
    // random outcome picks, it is tokenId 0, so every call upgrades player1's NFT
    vm.startPrank(player1);
    for (uint256 i; i < 5; i++) {
        choosingRam.increaseValuesOfParticipants(0, 0);
    }
    assertEq(choosingRam.selectedRam(), player1);
    vm.stopPrank();
}
```

A loop like this can be placed in a smart contract function and called once that contract has entered the competition with the tokenId it received, so the attack needs no manual interaction.

Recommendations

Even if `increaseValuesOfParticipants()` is changed to reject the same value for both of its parameters, users can still create multiple accounts and only pick battles against NFTs they own.

A possible fix is to have the contract pick `tokenIdOfAnyPerticipent` randomly as well, so the challenger can no longer choose an opponent they control.
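The following sketch shows what that recommendation looks like in code. It is an added example written for this report, not the Dussehra project's own `ChoosingRam`: the `tokenIdOfAnyPerticipent` parameter is removed entirely and the opponent is drawn by the contract. It assumes an `IRamNFT` interface exposing `ownerOf()` and `tokenCounter()` (tokenIds `0 .. tokenCounter()-1`), uses a per-token `stage` counter in place of the project's five characteristic flags, and uses a placeholder entropy source for the coin flip.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the project's code. Assumed interface of the RamNFT contract.
interface IRamNFT {
    function ownerOf(uint256 tokenId) external view returns (address);
    function tokenCounter() external view returns (uint256);
}

contract ChoosingRamHardened {
    IRamNFT public immutable ramNFT;
    address public selectedRam;
    // Upgrades so far per token; the fifth upgrade selects Ram. This counter stands
    // in for the project's five boolean characteristics (assumption).
    mapping(uint256 => uint8) public stage;

    error ChoosingRam__RamIsSelected();
    error ChoosingRam__NotOwner();
    error ChoosingRam__NoOpponentAvailable();

    constructor(address ramNFT_) {
        ramNFT = IRamNFT(ramNFT_);
    }

    /// Hardened entry point: the challenger names only their own token, so they can
    /// neither pass it twice nor hand-pick a token they hold on another account.
    function increaseValuesOfParticipants(uint256 tokenIdOfChallenger) external {
        if (selectedRam != address(0)) revert ChoosingRam__RamIsSelected();
        if (ramNFT.ownerOf(tokenIdOfChallenger) != msg.sender) revert ChoosingRam__NotOwner();

        uint256 opponent = _pickOpponent(tokenIdOfChallenger);

        // Coin flip between the two participants. The entropy source is a placeholder
        // (assumption) and is not the subject of this finding.
        uint256 random = uint256(
            keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender))
        ) % 2;
        _upgrade(random == 0 ? tokenIdOfChallenger : opponent);
    }

    /// Draws an opponent that is neither the challenger's token nor another token held
    /// by the same address. Sybil accounts cannot be told apart on-chain, so it is the
    /// random draw, not the owner filter, that stops the challenger choosing the fight.
    function _pickOpponent(uint256 challenger) internal view returns (uint256) {
        uint256 total = ramNFT.tokenCounter();
        if (total < 2) revert ChoosingRam__NoOpponentAvailable();

        address challengerOwner = ramNFT.ownerOf(challenger);
        uint256 start = uint256(
            keccak256(abi.encodePacked(block.prevrandao, challenger, total))
        ) % total;

        // Walk the token list from a random starting point and take the first eligible one.
        for (uint256 i = 0; i < total; i++) {
            uint256 candidate = (start + i) % total;
            if (candidate != challenger && ramNFT.ownerOf(candidate) != challengerOwner) {
                return candidate;
            }
        }
        revert ChoosingRam__NoOpponentAvailable();
    }

    function _upgrade(uint256 tokenId) internal {
        if (stage[tokenId] < 5) {
            stage[tokenId] += 1;
        }
        if (stage[tokenId] == 5) {
            selectedRam = ramNFT.ownerOf(tokenId);
        }
    }
}
```

With this shape the test above can no longer be written: there is no second parameter to set to 0, and an attacker holding tokens on several accounts only wins the coin flips in which the draw happens to land on one of their other tokens, instead of every flip.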

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Challenge themselves
