Submission Details
Severity:
Never returning entranceFees in `ThePredicter::withdraw()`
Summary
The readMe states that:
If all Players have a negative number of points, they will receive back the value of the entry fee.
With the current state of the function this condition is never met due to the additional check for maxScore.
Vulnerability Details
if (maxScore > 0 && score <= 0) {
revert ThePredicter__NotEligibleForWithdraw();
}
...
// The if statement above does not allow the ternary operator to function properly
reward = maxScore < 0
? entranceFee
: (shares * players.length * entranceFee) / totalShares;
Impact
Players will not receive their entrance fee back if all players have negative scores, contrary to the specified rules. This can lead to financial losses and dissatisfaction among participants, potentially causing reputational damage to the organizer.
Tools Used
Manual review
Recommendations
Removing the if statement condition for maxScoreand moving the if statement up in the function would be also more gas effiecient.
function withdraw() public {
if (!scoreBoard.isEligibleForReward(msg.sender)) {
revert ThePredicter__NotEligibleForWithdraw();
}
int8 score = scoreBoard.getPlayerScore(msg.sender);
+ if (score <= 0) {
+ revert ThePredicter__NotEligibleForWithdraw();
+ }
int8 maxScore = -1;
int256 totalPositivePoints = 0;
for (uint256 i = 0; i < players.length; ++i) {
int8 cScore = scoreBoard.getPlayerScore(players[i]);
if (cScore > maxScore) maxScore = cScore;
if (cScore > 0) totalPositivePoints += cScore;
}
- if (maxScore > 0 && score <= 0) {
- revert ThePredicter__NotEligibleForWithdraw();
- }
uint256 shares = uint8(score);
uint256 totalShares = uint256(totalPositivePoints);
uint256 reward = 0;
reward = maxScore < 0
? entranceFee
: (shares * players.length * entranceFee) / totalShares;
if (reward > 0) {
scoreBoard.clearPredictionsCount(msg.sender);
(bool success, ) = msg.sender.call{value: reward}("");
require(success, "Failed to withdraw");
}
}
Rewards breakdown
nSLOC
191This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.