Severity: high
Valid

No reward or refund for a "one-time" Player

Summary

If a player predicts just one of the 9 matches, she will NEITHER be eligible to claim any reward (if she wins) NOR even get a refund of the entranceFee (if she lost her prediction and every other player's individual cumulative score is negative).

Vulnerability Details

Based on the design stated in the docs:
"Players can receive an amount from the prize fund only if their total number of points is a positive number and if they had paid at least one prediction fee."

If a player predicts at least ONE match and scores a positive number of points, she is eligible to claim a reward; if she scores a negative number of points and every other player's individual cumulative score is also negative, she can get a refund of her entranceFee. However, the checkEligibility function makes it impossible for her to receive any payment at the end of the tournament. The code is highlighted below.

function isEligibleForReward(address player) public view returns (bool) {
return
results[NUM_MATCHES - 1] != Result.Pending &&
- playersPredictions[player].predictionsCount > 1;
}

Impact

  • Player funds get stuck in the protocol

Tools Used

  • Manual review

  • Documentation

Recommendations

function isEligibleForReward(address player) public view returns (bool) {
return
results[NUM_MATCHES - 1] != Result.Pending &&
+ playersPredictions[player].predictionsCount >= 1;
}
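
Review bot: the `+` line moves the eligibility boundary without a test pinning it. Add a case asserting that isEligibleForReward returns true for a player whose predictionsCount is exactly 1 once results[NUM_MATCHES - 1] is no longer Result.Pending, and false for a count of 0, so the check stays aligned with the documented "at least one prediction fee" rule.
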
Updates

Lead Judging Commences

NightHawK Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

The eligibility criteria is wrong

Players with only one prediction cannot withdraw.
