First Flight #20: The Predicter
First Flight #20
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Players who made one prediction are not eligible for reward

enchev

Summary

Players who made one prediction are not eligible for reward.

Vulnerability Details

The method ScoreBoard::isEligibleForReward is determines if a user would be able to withdraw prize pool based on the prediction's count that were made by the user. The docs specifies that anyone who made at least one prediction is eligible for it but the current implementation of the method requires at least 2

Impact

Players who made one prediction are not eligible for reward despite the docs specifying that at least 1 prediction needs to be made which leads to unexpected behaviour and for funds to remain stucked in the contract (if the user that made one prediction guessed correctly).

Tools Used

Manual review

Recommendations

Rewrite the ScoreBoard::isEligibleForReward method in a way that checks if at least one prediction was made by the user:

return
results[NUM_MATCHES - 1] != Result.Pending &&
- playersPredictions[player].predictionsCount > 1;
+ playersPredictions[player].predictionsCount > 0;
}
Updates

Lead Judging Commences

NightHawK Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

The eligibility criteria is wrong

Players with only one prediction cannot withdraw.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.