Submission Details
Severity:
Challenger and participant can be same, results in challenger wins everytime
Summary
th expected nft charateristics update logic must happen randomly by choosing either challenger or participant, but there is a bug by which both participant and challenger can be same resulting in always winning of caller/players.
Vulnerability Details
Place below code in Dussehra.t.sol anf run forge test --mt test__ChallengerIsParticipant
function test__ChallengerIsParticipant() public participants {
assertEq(ramNFT.getCharacteristics(0).isJitaKrodhah, false);
vm.startPrank(player1);
choosingRam.increaseValuesOfParticipants(0, 0);
vm.stopPrank();
assertEq(ramNFT.getCharacteristics(0).isJitaKrodhah, true);
}
Impact
Unfair advantage for players to always win
Tools Used
Recommendations
Place below code changes in ChoosingRam.sol
+ error ChoosingRam__ChallengerAndParticipantCantBeSame
function increaseValuesOfParticipants(uint256 tokenIdOfChallenger, uint256 tokenIdOfAnyPerticipent)
public
RamIsNotSelected
{
+ if(tokenIdOfChallenger == tokenIdOfAnyPerticipent){
+ revert ChoosingRam__ChallengerAndParticipantCantBeSame();
}
}
Rewards breakdown
nSLOC
218This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.