Beginner FriendlyFoundry
100 EXP
View results
Submission Details
Severity: medium
Invalid

Never returning entranceFees in `ThePredicter::withdraw()`

Summary

The readMe states that:

If all Players have a negative number of points, they will receive back the value of the entry fee.

With the current state of the function this condition is never met due to the additional check for maxScore.

Vulnerability Details

https://github.com/Cyfrin/2024-07-the-predicter/blob/839bfa56fe0066e7f5610197a6b670c26a4c0879/src/ThePredicter.sol#L111-L144

if (maxScore > 0 && score <= 0) {
revert ThePredicter__NotEligibleForWithdraw();
}
...
// The if statement above does not allow the ternary operator to function properly
reward = maxScore < 0
? entranceFee
: (shares * players.length * entranceFee) / totalShares;

Impact

Players will not receive their entrance fee back if all players have negative scores, contrary to the specified rules. This can lead to financial losses and dissatisfaction among participants, potentially causing reputational damage to the organizer.

Tools Used

Manual review

Recommendations

Removing the if statement condition for maxScoreand moving the if statement up in the function would be also more gas effiecient.

function withdraw() public {
if (!scoreBoard.isEligibleForReward(msg.sender)) {
revert ThePredicter__NotEligibleForWithdraw();
}
int8 score = scoreBoard.getPlayerScore(msg.sender);
+ if (score <= 0) {
+ revert ThePredicter__NotEligibleForWithdraw();
+ }
int8 maxScore = -1;
int256 totalPositivePoints = 0;
for (uint256 i = 0; i < players.length; ++i) {
int8 cScore = scoreBoard.getPlayerScore(players[i]);
if (cScore > maxScore) maxScore = cScore;
if (cScore > 0) totalPositivePoints += cScore;
}
- if (maxScore > 0 && score <= 0) {
- revert ThePredicter__NotEligibleForWithdraw();
- }
uint256 shares = uint8(score);
uint256 totalShares = uint256(totalPositivePoints);
uint256 reward = 0;
reward = maxScore < 0
? entranceFee
: (shares * players.length * entranceFee) / totalShares;
if (reward > 0) {
scoreBoard.clearPredictionsCount(msg.sender);
(bool success, ) = msg.sender.call{value: reward}("");
require(success, "Failed to withdraw");
}
}
Updates

Lead Judging Commences

NightHawK Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.