Submission Details
Severity: medium
Valid

The closing time for match predictions in function `ThePredicter::makePrediction` is implemented using an incorrect timestamp check.

Summary:

The condition check within the ThePredicter::makePrediction method is implemented incorrectly, causing predictions to close at a different time than specified in the contract's README.

```solidity
if (block.timestamp > START_TIME + matchNumber * 68400 - 68400) {
    revert ThePredicter__PredictionsAreClosed();
}
```

Vulnerability Details:

The README specifies the Predictions closing time as 19:00:00 UTC on the day of the match.

The if condition within ThePredicter::makePrediction is incorrect, resulting in an incorrect prediction closing time.

```solidity
function makePrediction(uint256 matchNumber, ScoreBoard.Result prediction) public payable {
    if (msg.value != predictionFee) {
        revert ThePredicter__IncorrectPredictionFee();
    }
@>  if (block.timestamp > START_TIME + matchNumber * 68400 - 68400) {
        revert ThePredicter__PredictionsAreClosed();
    }
    scoreBoard.confirmPredictionPayment(msg.sender, matchNumber);
    scoreBoard.setPrediction(msg.sender, matchNumber, prediction);
}
```

For the first match, the expected closing time is August 15, 2024, 19:00:00 UTC (Unix timestamp: 1723748400). Therefore, the expression in the if condition, `START_TIME + matchNumber * 68400 - 68400`, should evaluate to 1723748400.

The calculation for the first match is given below:

```
START_TIME + matchNumber * 68400 - 68400
// for first match (matchNumber = 1)
1723752000 + 1 * 68400 - 68400 = 1723752000
// (1723748400) != (1723752000)
```

Clearly, 1723748400 != 1723752000.

Proof of concept:

Let's take the closing time for the second match as an example.

For the second match, the closing time for predictions should be August 16, 2024, 19:00:00 UTC (Unix timestamp: 1723834800).

Now, let's calculate the value used in the if condition within `ThePredicter::makePrediction`, i.e. `START_TIME + matchNumber * 68400 - 68400`.

```
START_TIME + matchNumber * 68400 - 68400
// for second match (matchNumber = 2)
1723752000 + 2 * 68400 - 68400 = 1723820400
// 1723820400 as a date and time is August 16, 2024 15:00:00
// the value should be August 16, 2024, 19:00:00, which as a Unix timestamp is 1723834800
// clearly, (1723834800 != 1723820400)
// (expected != if condition calculation result)
```

Expected value: 1723834800 (August 16, 2024, 19:00:00)

Calculated value: 1723820400 (August 16, 2024 15:00:00)

The provided examples demonstrate that the if condition START_TIME + matchNumber * 68400 - 68400 does not accurately calculate the correct closing time for predictions.
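The two calculations above generalise to any match number. The following is an added example, not part of the original submission or the project's code; it tabulates how far the deployed formula drifts from the 19:00:00 UTC closing time and checks the recommended formula against the same target. It assumes one match per consecutive day starting August 15, 2024, and `match_count` is a hypothetical parameter.

```python
from datetime import datetime, timedelta, timezone

START_TIME = 1723752000  # value used in the report's calculations
CLOSE_HOUR_UTC = 19      # README: predictions close at 19:00:00 UTC on match day
# Assumption: match N is played on August 15, 2024 + (N - 1) days.
FIRST_MATCH_DAY = datetime(2024, 8, 15, tzinfo=timezone.utc)


def expected_close(match_number: int) -> int:
    """Closing timestamp the README describes for this match."""
    day = FIRST_MATCH_DAY + timedelta(days=match_number - 1)
    return int(day.replace(hour=CLOSE_HOUR_UTC).timestamp())


def deployed_close(match_number: int) -> int:
    """Right-hand side of the check as written in makePrediction."""
    return START_TIME + match_number * 68400 - 68400


def recommended_close(match_number: int) -> int:
    """Right-hand side of the check proposed in the recommendation."""
    return START_TIME + match_number * 86400 - 90000


def drift_report(match_count: int):
    """Return (match, deployed drift, recommended drift) in seconds.

    Positive drift: predictions stay open past the intended close.
    Negative drift: predictions close early and players are locked out.
    """
    rows = []
    for n in range(1, match_count + 1):
        want = expected_close(n)
        rows.append((n, deployed_close(n) - want, recommended_close(n) - want))
    return rows


if __name__ == "__main__":
    for n, deployed, recommended in drift_report(3):
        print(f"match {n}: deployed {deployed / 3600:+.0f} h, "
              f"recommended {recommended / 3600:+.0f} h")
```

The drift is not constant: the first match closes one hour late, and every later match closes a further five hours earlier than the one before it.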

Impact :

Incorrect prediction closing times prevent players from making predictions as intended, compromising fair play and resulting in the loss of prediction fees.

Tools Used :

Manual Review

Recommendations :

Replace the original condition with the following to correctly determine the prediction closing time:

function makePrediction(uint256 matchNumber, ScoreBoard.Result prediction) public payable {
if (msg.value != predictionFee) {
revert ThePredicter__IncorrectPredictionFee();
}
- if (block.timestamp > START_TIME + matchNumber * 68400 - 68400) {
- revert ThePredicter__PredictionsAreClosed();
- }
+ if (block.timestamp > START_TIME + matchNumber * 86400 - 90000) {
+ revert ThePredicter__PredictionsAreClosed();
+ }
scoreBoard.confirmPredictionPayment(msg.sender, matchNumber);
scoreBoard.setPrediction(msg.sender, matchNumber, prediction);
}
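Review bot: the added condition still expresses the closing time with the bare literals 86400 and 90000, and a transposed literal such as 68400 is exactly the kind of error that style hides. Solidity's time units make the intent readable and give the same value, e.g. `START_TIME + matchNumber * 1 days - 25 hours`. The comparison also remains a strict `>`, so a transaction whose block.timestamp equals the closing time is still accepted; if predictions are meant to be closed at 19:00:00 itself, `>=` is the check to use. Neither side of the change bounds matchNumber before the arithmetic, so it is worth confirming that a range check exists in the scoreBoard calls that follow.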
Updates

Lead Judging Commences

NightHawK Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Match timestamps are incorrect

In both contracts there is a similar error in the computation of the timestamps of the matches.
