Submission Details
Severity:
Incorrect Prediction Timing Window
Relevant GitHub Link
Summary
The current implementation of the makePrediction function restricts predictions to a 19-hour window, contrary to the specified 24-hour interval for making predictions. This discrepancy affects the fairness and functionality of the protocol.
PoC
function test_after19Hours() public {
uint256 START_TIME = 1723752000;
address player1 = makeAddr("player1");
vm.startPrank(player1);
vm.deal(player1, 1 ether);
thePredicter.makePrediction{value: 0.0001 ether}(
0,
ScoreBoard.Result.First
);
vm.stopPrank();
vm.warp(START_TIME + 68400); // -> 19 hours
address player2 = makeAddr("player2");
vm.startPrank(player2);
vm.deal(player2, 1 ether);
// After 19 hours players cannot be able to make predictions.
vm.expectRevert(abi.encodeWithSelector(ThePredicter__PredictionsAreClosed.selector));
thePredicter.makePrediction{value: 0.0001 ether}(
0,
ScoreBoard.Result.First
);
vm.stopPrank();
}
Tools Used
Manual Reading and Foundry
Recommendations
Change the 19 hour window to 24.
- if (block.timestamp > START_TIME + matchNumber * 68400 - 68400)
+ if (block.timestamp >= START_TIME + matchNumber * 86400 - 3600) {
revert ThePredicter__PredictionsAreClosed();
}
-if (block.timestamp <= START_TIME + matchNumber * 68400 - 68400)
+if (block.timestamp < START_TIME + matchNumber * 86400 - 3600)
Updates
Lead Judging Commences
NightHawK about 1 year ago
Submission Judgement Published Assigned finding tags:
Match timestamps are incorrect
In both contracts there is a similar error in the computation of the timestamps of the matches.
Rewards breakdown
nSLOC
191This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.