Submission Details
Severity: medium
Invalid

Players Are Charged for Changing Predictions

Summary

The ThePredicter::makePrediction function requires payment for each prediction, contradicting the requirement stated in the README that players should be able to change their predictions without paying again.

Vulnerability Details

The README file specifies:

"No second prediction fee is due if any Player desires to change an already paid prediction."

However, the makePrediction function always requires the predictionFee to be paid, regardless of whether it's a new prediction or a change to an existing one:

    if (msg.value != predictionFee) {
        revert ThePredicter__IncorrectPredictionFee();
    }

This check forces players to pay for each prediction, even when modifying an existing one.

Impact

Players are unfairly charged for changing predictions, contrary to the stated rules.

Tools Used

Manual review

Recommendations

Implement a tracking mechanism to record whether a player has already paid for a prediction for each match.

    // player => match number => whether the prediction fee was already paid
    mapping(address => mapping(uint256 => bool)) public hasPaidForMatch;

    function makePrediction(uint256 matchNumber, ScoreBoard.Result prediction) public payable {
        if (!hasPaidForMatch[msg.sender][matchNumber]) {
            // First prediction for this match: the exact fee is required
            if (msg.value != predictionFee) {
                revert ThePredicter__IncorrectPredictionFee();
            }
            hasPaidForMatch[msg.sender][matchNumber] = true;
        } else {
            // Changing an already paid prediction: no ether may be sent
            require(msg.value == 0, "No payment required for prediction change");
        }
        // Rest of the function logic
    }

Updates

Lead Judging Commences

NightHawK Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
