Submission Details
Severity: medium
Valid

The `ScoreBoard::setPrediction` method uses an incorrect `if` condition when updating the `playersPredictions` mapping with a player's prediction.

Summary :-

The `if` condition `block.timestamp <= START_TIME + matchNumber * 68400 - 68400` in the `ScoreBoard::setPrediction` function is incorrect, preventing timely updates to the `playersPredictions` mapping with the predictions made by players.

Vulnerability Details :-

The incorrectly implemented `if` condition in `ScoreBoard::setPrediction` will permit players to update the prediction map at incorrect times, potentially after the match, leading to a violation of the protocol's intended functionality.

```solidity
function setPrediction(address player, uint256 matchNumber, Result result) public {
@>  if (block.timestamp <= START_TIME + matchNumber * 68400 - 68400) {
@>      playersPredictions[player].predictions[matchNumber] = result;
@>  }
    playersPredictions[player].predictionsCount = 0;
    for (uint256 i = 0; i < NUM_MATCHES; ++i) {
        if (playersPredictions[player].predictions[i] != Result.Pending && playersPredictions[player].isPaid[i]) {
            ++playersPredictions[player].predictionsCount;
        }
    }
}
```

According to the contract logic, a player can only change their prediction until the match starts, i.e. up to 19:00:00 UTC on the day of that match. After this time, prediction changes are prohibited.

The calculation `block.timestamp <= START_TIME + matchNumber * 68400 - 68400` produces an incorrect result.

Proof of Concept :-

Let's consider an example for the third match, scheduled for August 17, 2024, at 20:00:00. Players should be able to modify their predictions until this exact time.

```text
August 17, 2024, at 20:00:00
// converting the above date and time to a Unix timestamp
// it should be 1723924800
// now evaluating the formula given in the contract, i.e. START_TIME + matchNumber * 68400 - 68400
1723752000 + 3 * 68400 - 68400 = 1723888800
// August 17, 2024 10:00:00 AM
// clearly the value produced by the formula is wrong
```

Therefore, players will only be able to change their predictions until August 17, 2024, at 10:00:00 AM, which is incorrect.
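
The calculation above, extended to the other matches, as an added example that is not part of the original submission or the contract's code. It assumes 1-based match numbers with match n starting at `START_TIME + (n - 1)` days, which is inferred from the third-match figures above; the helper names are hypothetical.

```python
from datetime import datetime, timezone

START_TIME = 1723752000  # value used in the report's calculation
DAY = 86400
HOUR = 3600

def kickoff(match_number):
    # Assumption inferred from the report: match 3 starts at 1723924800,
    # so match n (1-based) starts at START_TIME + (n - 1) days.
    return START_TIME + (match_number - 1) * DAY

def cutoff_original(match_number):
    # Condition as written in the contract: 68400 s is 19 hours, not a day.
    return START_TIME + match_number * 68400 - 68400

def cutoff_recommended(match_number):
    # Condition proposed in the report's recommendation.
    return START_TIME + match_number * 86400 - 90000

def accepted(cutoff_fn, match_number, now):
    # Mirrors `block.timestamp <= cutoff` in setPrediction.
    return now <= cutoff_fn(match_number)

def utc(ts):
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")

def drift_table(num_matches):
    # Seconds between each cutoff and the assumed kickoff, per match.
    rows = []
    for n in range(1, num_matches + 1):
        k = kickoff(n)
        rows.append((n, k - cutoff_original(n), k - cutoff_recommended(n)))
    return rows

if __name__ == "__main__":
    for n, gap_orig, gap_fix in drift_table(5):  # 5 is a constructed sample size
        print(f"match {n}: kickoff {utc(kickoff(n))} UTC, "
              f"original closes {gap_orig // HOUR}h early, "
              f"recommended closes {gap_fix // HOUR}h early")
```

The original window closes five hours earlier with every additional match, while the recommended formula closes a constant one hour before the assumed kickoff.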

Impact :-

Players will be unable to change their predictions, compromising the protocol's intended functionality and fair play and resulting in wasted prediction fees.

Tools Used :-

Manual Review

Recommendations :-

Change the condition as shown below:

function setPrediction(address player, uint256 matchNumber, Result result) public {
- if (block.timestamp <= START_TIME + matchNumber * 68400 - 68400) {
- playersPredictions[player].predictions[matchNumber] = result;
- }
+ if (block.timestamp <= START_TIME + matchNumber * 86400 - 90000) {
+ playersPredictions[player].predictions[matchNumber] = result;
+ }
playersPredictions[player].predictionsCount = 0;
for (uint256 i = 0; i < NUM_MATCHES; ++i) {
if (playersPredictions[player].predictions[i] != Result.Pending && playersPredictions[player].isPaid[i]) {
++playersPredictions[player].predictionsCount;
}
}
}
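
Review bot: On the added condition `START_TIME + matchNumber * 86400 - 90000`, the two literals are unexplained: 86400 is one day, but 90000 is one day plus 3600 seconds, so with the START_TIME of 1723752000 used in the proof of concept and matchNumber 3 the cutoff is 1723921200 (August 17, 2024, 19:00:00 UTC), one hour before the 20:00:00 time the proof of concept says players should have. State in a comment which cutoff is intended and replace the literals with named constants so the offset can be checked against the match schedule. The unchanged lines also show that a call made after the cutoff skips the assignment without reverting and still recomputes predictionsCount, so a late caller gets no signal that the prediction was not stored; reverting in that case would make the rejection explicit.
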
Updates

Lead Judging Commences

NightHawK Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Match timestamps are incorrect

In both contracts there is a similar error in the computation of the timestamps of the matches.
