Severity: medium
Valid

Incorrect Time Calculation in Prediction Functions

Summary

The Solidity contracts ScoreBoard.sol and ThePredicter.sol contain a time calculation error that affects the timing of predictions. This error can result in users being unable to set their predictions correctly.

Vulnerability Details

In both contracts, the time calculations use the value 68400 as a time interval, but the correct value should be 86400 (the number of seconds in a day). This discrepancy impacts the time window during which predictions can be set.

ScoreBoard.sol

In the setPrediction function:

if (block.timestamp <= START_TIME + matchNumber * 68400 - 68400)

The calculation should be:

if (block.timestamp <= START_TIME + matchNumber * 86400 - 3600)

https://github.com/Cyfrin/2024-07-the-predicter/blob/839bfa56fe0066e7f5610197a6b670c26a4c0879/src/ScoreBoard.sol#L66

ThePredicter.sol

In the makePrediction function:

if (block.timestamp > START_TIME + matchNumber * 68400 - 68400)

The calculation should be:

if (block.timestamp > START_TIME + matchNumber * 86400 - 3600)

https://github.com/Cyfrin/2024-07-the-predicter/blob/839bfa56fe0066e7f5610197a6b670c26a4c0879/src/ThePredicter.sol#L93

Proof of Concept

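The following test warps the block timestamp to Thu Aug 15 2024 18:00:00 GMT+0000 and has an approved player submit a prediction for the first match (match number 0).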

// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.13;

import {Test, console} from "forge-std/Test.sol";
import {Strings} from "@openzeppelin/contracts/utils/Strings.sol";
import {ThePredicter} from "../src/ThePredicter.sol";
import {ScoreBoard} from "../src/ScoreBoard.sol";
import {ThePredicterTest} from "./ThePredicter.test.sol";

contract ChecktimeTest is ThePredicterTest {
    function testtime() public {
        // Register the player and pay the entrance fee.
        vm.startPrank(stranger);
        vm.warp(1);
        vm.deal(stranger, 1 ether);
        thePredicter.register{value: 0.04 ether}();
        vm.stopPrank();

        // The organizer approves the player.
        vm.startPrank(organizer);
        vm.warp(2);
        thePredicter.approvePlayer(stranger);
        vm.stopPrank();

        vm.warp(1723742400); // Thu Aug 15 2024 18:00:00 GMT+0000

        // The prediction for match 0 reverts because of the wrong deadline.
        vm.expectRevert(
            abi.encodeWithSelector(ThePredicter__PredictionsAreClosed.selector)
        );
        vm.startPrank(stranger);
        thePredicter.makePrediction{value: 0.0001 ether}(
            0,
            ScoreBoard.Result.Draw
        );
        vm.stopPrank();
    }
}

To test this code:

  • Save this code in a new Solidity test file: test/Checktime.test.sol.

  • Then run this command:

    forge test --match-path test/Checktime.test.sol --match-test testtime -vvvv

  • The result is:

├─ [0] VM::startPrank(stranger: [0x49052147F5D97A723DEBdf07680fFFaDAd29A5dC])
│ └─ ← [Return]
├─ [2773] ThePredicter::makePrediction{value: 100000000000000}(0, 2)
│ └─ ← [Revert] ThePredicter__PredictionsAreClosed()
├─ [0] VM::stopPrank()

As the trace shows, the player submitted the prediction for the first match at the right time, but the call reverted.

Impact

The incorrect time calculation results in:

  1. Users may be unable to set their predictions if the time window is incorrectly calculated.

  2. Predictions might be rejected or accepted outside the intended time frame, leading to potential inaccuracies in the prediction system.
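
The two deadline expressions from Vulnerability Details can be compared off-chain to see how early the deployed check closes each match. This is an added example, not code from the contest repository or the submission: the constants 68400, 86400, 3600 and the PoC timestamp come from this report, while START_TIME is an assumed value (20:00 UTC on the PoC date) and the function names are hypothetical.

```python
# Added example. START_TIME is an assumption, not a value taken from the report.
START_TIME = 1723752000      # assumed: Thu Aug 15 2024 20:00:00 UTC
POC_TIMESTAMP = 1723742400   # from the PoC: Thu Aug 15 2024 18:00:00 UTC


def buggy_deadline(match_number, start=START_TIME):
    """Last accepted timestamp under the expression currently in the contracts."""
    return start + match_number * 68400 - 68400


def fixed_deadline(match_number, start=START_TIME):
    """Last accepted timestamp under the report's corrected expression."""
    return start + match_number * 86400 - 3600


def is_closed(now, deadline):
    """Mirror of the makePrediction guard: the call reverts when now > deadline."""
    return now > deadline


def wrongly_rejected_window(match_number, start=START_TIME):
    """Return (first, last, length_in_seconds) of the timestamps that the buggy
    guard rejects although the corrected guard would accept them."""
    first = buggy_deadline(match_number, start) + 1
    last = fixed_deadline(match_number, start)
    return first, last, last - first + 1


def report(matches=3):
    """Hours by which predictions close too early, per match number."""
    return [(n, wrongly_rejected_window(n)[2] / 3600) for n in range(matches)]


if __name__ == "__main__":
    for n, hours in report():
        print(f"match {n}: predictions close {hours:.0f} h early")
    print("PoC call closed (buggy):", is_closed(POC_TIMESTAMP, buggy_deadline(0)))
    print("PoC call closed (fixed):", is_closed(POC_TIMESTAMP, fixed_deadline(0)))
```

The window length does not depend on START_TIME: it is 64800 + 18000 * matchNumber seconds, so the error grows by five hours with every match.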

Tools Used

Manual code review

Recommendations

Correct the time calculation in both ScoreBoard.sol and ThePredicter.sol and ensure that adjustments for the prediction window are made correctly.

Updates

Lead Judging Commences

NightHawK Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Match timestamps are incorrect

In both contracts there is a similar error in the computation of the timestamps of the matches.
