First Flight #20: The Predicter
First Flight #20
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

`ScoreBoard:: isEligibleForReward` has wrong checks

abhishekthakur

Summary

isEligibleForReward has wrong checks than intended, which requires more than 1 prediction to become true.

Vulnerability Details

function isEligibleForReward(address player) public view returns (bool) {
return
results[NUM_MATCHES - 1] != Result.Pending &&
@> playersPredictions[player].predictionsCount > 1;
}

In ScoreBoard::isEligibleForReward function, user address as input is taken and it's meant to checks wether

  • last round result is declared or not

  • user has made atleast prediction in 1 round

Although if you check the highlighted line, it has >check, which makes sure that prediction count must be greator than 1. Which is not intended as per current contest details.

Players can receive an amount from the prize fund only if their total number of points is a positive number and if they had paid at least one prediction fee.

Impact

Makes eligible user, Ineligible and that will not be fair with users.

Tools Used

Manual Review

Recommendations

Here is a fix -

function isEligibleForReward(address player) public view returns (bool) {
return
results[NUM_MATCHES - 1] != Result.Pending &&
- playersPredictions[player].predictionsCount > 1;
+ playersPredictions[player].predictionsCount >= 1;
}
Updates

Lead Judging Commences

NightHawK Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

The eligibility criteria is wrong

Players with only one prediction cannot withdraw.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.