The increaseValuesOfParticipants function allows the challenger to challenge any participant, and the winner gets a characteristic unlocked. However, a challenger who challenges their own tokenId will always win, because the challenger and the participant both correspond to the same tokenId. This makes the game unfair for other players.
The vulnerability is present in the increaseValuesOfParticipants function, which does not ensure that the participant tokenId is different from the challenger tokenId. The challenger can therefore call it with the participant tokenId set to their own tokenId, so that they always win.
Because the challenger and participant tokenIds are the same, the outcome is applied to the same tokenId no matter what the result is.
The challenger will always win, making it unfair for other participants.
Add the test in the file: test/Dussehra.t.sol
Run the test:
Manual Review, Unit Test in Foundry
Add a check in the ChoosingRam::increaseValuesOfParticipants function to ensure that the participant's tokenId passed by the challenger is not the same as the challenger's tokenId.
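The recommended check, shown on a simplified model as an added example; this is not the contest's ChoosingRam code. The contract name, the storage mapping, the error, both function names and the outcome helper are hypothetical, and ownership and token-existence checks are left out to keep the focus on the self-challenge case.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model constructed for illustration; not the ChoosingRam contract.
contract SelfChallengeModel {
    error SelfChallenge(uint256 tokenId);

    // tokenId => number of characteristics unlocked (hypothetical layout)
    mapping(uint256 => uint256) public unlocked;

    // Stand-in for the contract's outcome selection. How the winner is
    // picked does not matter for this issue.
    function _challengerWins(uint256 a, uint256 b) internal view returns (bool) {
        return uint256(keccak256(abi.encodePacked(block.number, a, b))) % 2 == 0;
    }

    // Credits the winning token with one more unlocked characteristic.
    function _settle(uint256 challengerId, uint256 participantId) internal {
        if (_challengerWins(challengerId, participantId)) {
            unlocked[challengerId] += 1;
        } else {
            unlocked[participantId] += 1;
        }
    }

    // Before: nothing stops challengerId == participantId. Both branches of
    // _settle then write to the same token, so every call benefits the caller.
    function challengeUnchecked(uint256 challengerId, uint256 participantId) external {
        _settle(challengerId, participantId);
    }

    // After: reject a self-challenge before any state is changed.
    function challengeChecked(uint256 challengerId, uint256 participantId) external {
        if (challengerId == participantId) revert SelfChallenge(challengerId);
        _settle(challengerId, participantId);
    }
}
```

A Foundry test for the fix can call the checked function with equal ids and expect the revert, then confirm that the token's unlocked count is unchanged.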