Incorrect timestamp validation in `ThePredicter.makePrediction` function prevents players from making predictions for a valid match during a valid period of time
Summary
The function ThePredicter.makePrediction timestamp validation is incorrect and prevents players from making predictions during the valid periods of time.
Vulnerability Details
The ThePredicter.makePrediction function has 2 hardcoded constants that are incorrect and cause the validation of the timestamp to fail, and consequently revert calls that should be valid.
The two instances of 68400 in the following lines are incorrect.
The correct numbers should be 86400 (representing 24 hours) and 3600 (representing 1 hour)
So the code should end up looking like this:
The same mistake is present in Scoreboard.setPrediction function. And similar changes need to be done as well.
Impact
Valid calls to ThePredicter.makePrediction will be reverted.
Tools Used
-
Recommendations
Change the hardcoded values as specified in the vulnerability description section.
Optionally:
Define constants with descriptive names for those values to make the code more readable and similar bugs easier to find.
Lead Judging Commences
Match timestamps are incorrect
In both contracts there is a similar error in the computation of the timestamps of the matches.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.