Submission Details
Severity:
Wrong error throw
Summary
In withdrawPredictionFees and cancelRegistration functions, misleading error messages were thrown
Vulnerability Details
function withdrawPredictionFees() public {
if (msg.sender != organizer) {
- revert ThePredicter__NotEligibleForWithdraw();
}
uint256 fees = address(this).balance - players.length * entranceFee;
(bool success, ) = msg.sender.call{value: fees}("");
require(success, "Failed to withdraw");
}
function cancelRegistration() public {
if (playersStatus[msg.sender] == Status.Pending) {
(bool success, ) = msg.sender.call{value: entranceFee}("");
require(success, "Failed to withdraw");
playersStatus[msg.sender] = Status.Canceled;
return;
}
- revert ThePredicter__NotEligibleForWithdraw();//@audit wrong throw==
}
Impact
troubleshooting and testing the codebase could be difficult for devs
userswill find it difficult to use the functions if they fail to pass the condition which throws those error
Tools Used
Manual review
Recommendations
function withdrawPredictionFees() public {
if (msg.sender != organizer) {
+ revert ThePredicter__UnauthorizedAccess();
}
uint256 fees = address(this).balance - players.length * entranceFee;
(bool success, ) = msg.sender.call{value: fees}("");
require(success, "Failed to withdraw");
}
function cancelRegistration() public {
if (playersStatus[msg.sender] == Status.Pending) {
(bool success, ) = msg.sender.call{value: entranceFee}("");
require(success, "Failed to withdraw");
playersStatus[msg.sender] = Status.Canceled;
return;
}
+ revert ("Not_Allowed_To_CancelRegistration");
}
Rewards breakdown
nSLOC
191This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.