First Flight #20: The Predicter
First Flight #20
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

Incorrect validation of time for making prediction

enchev

Summary

The logic for validating if a user is making prediction within the required time period doesn't work properly.

Vulnerability Details

Both methods ThePredicter::makePrediction and ScoreBoard::setPrediction contain logic for validating if user is making prediction within the required time period - until 19:00:00 UTC on the day of the match. However the used timestamps calculation do not match that condition. For example 68400 represents 19 hours and not 24 hours as the logic would suggest. The substraction of one hour also is not correctly implemented.

Impact

Users cannot make predictions in some time periods that they should be able to (for example in 18:00:00 UTC on the day of the match).

Tools Used

Manual Review

Recommendations

Rewrite checks as follows:

  1. For the ThePredicter::makePrediction method:

- if (block.timestamp > START_TIME + matchNumber * 68400 - 68400) {
+ if (block.timestamp > START_TIME + matchNumber * 86400 - 3600) {

  1. For the ScoreBoard::setPrediction method:

- if (block.timestamp <= START_TIME + matchNumber * 68400 - 68400)
+ if (block.timestamp <= START_TIME + matchNumber * 86400 - 3600)
Updates

Lead Judging Commences

NightHawK Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Match timestamps are incorrect

In both contracts there is a similar error in the computation of the timestamps of the matches.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.