Severity: low
Invalid

Missing Fee Values Verification in ThePredicter Contract Constructor

Summary

The constructor of the ThePredicter contract initializes the entrance and prediction fees without any validation checks. This lack of verification can result in unintended consequences if invalid or zero values are provided during contract deployment.

Vulnerability Details

The constructor function accepts and sets the entranceFee and predictionFee values directly from the input parameters, but it does not validate these values. If zero or invalid fees are set, the contract's functionality could be compromised. For instance, setting fees to zero might prevent the system from functioning as intended, as no actual fees would be collected for participation or predictions.

Code Snippet

ThePredicter.sol contract

constructor(
    address _scoreBoard,
    uint256 _entranceFee,
    uint256 _predictionFee
) {
    organizer = msg.sender;
    scoreBoard = ScoreBoard(_scoreBoard);
    // Both fees are stored exactly as supplied; no validation is performed.
    entranceFee = _entranceFee;
    predictionFee = _predictionFee;
}

Tool used

Manual Review

Impact

Setting the fees to zero or invalid values could disrupt the intended operations of the contract, such as collecting entrance or prediction fees, and could also affect the fairness and functionality of the betting system, potentially leading to financial losses or exploitation.

Recommendations

Consider implementing validation checks in the constructor to ensure that both the entrance and prediction fees are greater than zero. This prevents the contract from being deployed with invalid fee values.
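
One way to apply this recommendation, shown as an added example that is not code from the ThePredicter repository: a constructor that reverts on zero fees, with a Foundry test for each rejected case. The contract name ThePredicterFeeChecked, the custom errors, the ScoreBoard stub and the fee amounts are assumptions made for illustration; the test relies on forge-std.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Stand-in for the project's ScoreBoard contract so this file compiles alone.
contract ScoreBoard {}

// Hypothetical hardened variant; only the constructor is reproduced.
contract ThePredicterFeeChecked {
    error ZeroEntranceFee();
    error ZeroPredictionFee();

    address public organizer;
    ScoreBoard public scoreBoard;
    uint256 public entranceFee;
    uint256 public predictionFee;

    constructor(address _scoreBoard, uint256 _entranceFee, uint256 _predictionFee) {
        // Reject zero fees before any state is written.
        if (_entranceFee == 0) revert ZeroEntranceFee();
        if (_predictionFee == 0) revert ZeroPredictionFee();

        organizer = msg.sender;
        scoreBoard = ScoreBoard(_scoreBoard);
        entranceFee = _entranceFee;
        predictionFee = _predictionFee;
    }
}

// Fee amounts used below are constructed sample values.
contract FeeValidationTest is Test {
    ScoreBoard internal board = new ScoreBoard();

    function test_RevertsOnZeroEntranceFee() public {
        vm.expectRevert(ThePredicterFeeChecked.ZeroEntranceFee.selector);
        new ThePredicterFeeChecked(address(board), 0, 0.0001 ether);
    }

    function test_RevertsOnZeroPredictionFee() public {
        vm.expectRevert(ThePredicterFeeChecked.ZeroPredictionFee.selector);
        new ThePredicterFeeChecked(address(board), 0.04 ether, 0);
    }

    function test_DeploysWithNonZeroFees() public {
        ThePredicterFeeChecked p = new ThePredicterFeeChecked(address(board), 0.04 ether, 0.0001 ether);
        assertEq(p.entranceFee(), 0.04 ether);
        assertEq(p.predictionFee(), 0.0001 ether);
    }
}
```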

Updates

Lead Judging Commences

NightHawK Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
