First Flight #20: The Predicter

First Flight #20

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Wrong start time

vikthetilted

Summary

The makePrediction and setPrediction functions in the ThePredicter and ScoreBoard contracts have identified issues related to incorrect time intervals. These vulnerabilities can disrupt the intended functionality, leading to incorrect timing for predictions.

Vulnerability Details

https://github.com/Cyfrin/2024-07-the-predicter/blob/839bfa56fe0066e7f5610197a6b670c26a4c0879/src/ThePredicter.sol#L10

https://github.com/Cyfrin/2024-07-the-predicter/blob/839bfa56fe0066e7f5610197a6b670c26a4c0879/src/ScoreBoard.sol#L5

https://github.com/Cyfrin/2024-07-the-predicter/blob/839bfa56fe0066e7f5610197a6b670c26a4c0879/src/ThePredicter.sol#L93-L95

https://github.com/Cyfrin/2024-07-the-predicter/blob/839bfa56fe0066e7f5610197a6b670c26a4c0879/src/ScoreBoard.sol#L66-L67

`uint256 private constant START_TIME = 1723752000; // Thu Aug 15 2024 20:00:00 GMT+0000`

`makePrediction`

function makePrediction(

uint256 matchNumber,

ScoreBoard.Result prediction

) public payable {

if (msg.value != predictionFee) {

revert ThePredicter__IncorrectPredictionFee();

}

// @audit - 68400 is 19 hours not 24 hours predictions are open every day before 19:00:00 time

if (block.timestamp > START_TIME + matchNumber * 68400 - 68400) {

revert ThePredicter__PredictionsAreClosed();

}

scoreBoard.confirmPredictionPayment(msg.sender, matchNumber);

scoreBoard.setPrediction(msg.sender, matchNumber, prediction);

}

`setPrediction`

function setPrediction(

address player,

uint256 matchNumber,

Result result

) public {

// @audit - 68400 is 19 hours not 24 hours, you should be able to make a prediction every day before 19:00:00

if (block.timestamp <= START_TIME + matchNumber * 68400 - 68400)

playersPredictions[player].predictions[matchNumber] = result;

playersPredictions[player].predictionsCount = 0;

for (uint256 i = 0; i < NUM_MATCHES; ++i) {

if (

playersPredictions[player].predictions[i] != Result.Pending &&

playersPredictions[player].isPaid[i]

) ++playersPredictions[player].predictionsCount;

}

Impact

The incorrect 19-hour interval disrupts the intended schedule, making it difficult for players to submit their predictions within the allowed timeframe. This can lead to missed predictions, resulting in player frustration and reduced engagement. Incorrect start time**, t**he start time is set incorrectly. It should be Thu Aug 15 2024 19:00:00 UTC.

Tools Used

Manual review

Recommendations

To mitigate the vulnerabilities and ensure the functions correctly enforce the rules, the following changes are recommended:

Correct Time Interval:
- Use a 24-hour interval (86400 seconds) for the match timings.
Correct Start time:
- Update the start time to Thu Aug 15 2024 19:00:00 UTC.
- uint256 private constant START_TIME = 1723748400; // Thu Aug 15 2024 19:00:00 UTC

if (block.timestamp > START_TIME + matchNumber * 86400 - 86400)

if (block.timestamp <= START_TIME + matchNumber * 86400 - 86400)

Updates

Lead Judging Commences

NightHawK Lead Judge 10 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Match timestamps are incorrect

In both contracts there is a similar error in the computation of the timestamps of the matches.

Rewards breakdown

nSLOC

191

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.