Submission Details
Severity:
The `organizer` can not self register like a `User`
Description
The organizer can not self register like a User because he already have all necessary access in the protocol.
Impact
If organizer self register he will pay the entrey fee and get the Pending status.
Proof of Concept:
Add the following code to the: test/ThePredicter.test.sol
function test_TheOrganizarCanNotSelfRegister() public {
// the organizer try to self register
vm.startPrank(organizer);
vm.deal(organizer, 1 ether);
vm.expectRevert();
thePredicter.register{value: 0.04 ether}();
}
Run with: forge test --match-test test_TheOrganizarCanNotSelfRegister -vvv
Recommended Mitigation
Add the new error:
error ThePredicter__IncorrectEntranceFee();
error ThePredicter__RegistrationIsOver();
error ThePredicter__IncorrectPredictionFee();
error ThePredicter__AllPlacesAreTaken();
error ThePredicter__CannotParticipateTwice();
error ThePredicter__NotEligibleForWithdraw();
error ThePredicter__PredictionsAreClosed();
error ThePredicter__UnauthorizedAccess();
+ error ThePredicter__TheOrganizerCannotSelfRegister();
And add the check on ThePredicter::register:
function register() public payable {
+ if (msg.sender == organizer) {
+ revert ThePredicter__TheOrganizerCannotSelfRegister();
+ }
if (msg.value != entranceFee) {
revert ThePredicter__IncorrectEntranceFee();
}
if (block.timestamp > START_TIME - 14400) {
revert ThePredicter__RegistrationIsOver();
}
if (playersStatus[msg.sender] == Status.Pending) {
revert ThePredicter__CannotParticipateTwice();
}
playersStatus[msg.sender] = Status.Pending;
}
Rewards breakdown
nSLOC
191This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.