Description
The organizer
can not self register like a User
because he already have all necessary access in the protocol.
Impact
If organizer
self register he will pay the entrey fee and get the Pending
status.
Proof of Concept:
Add the following code to the: test/ThePredicter.test.sol
function test_TheOrganizarCanNotSelfRegister() public {
vm.startPrank(organizer);
vm.deal(organizer, 1 ether);
vm.expectRevert();
thePredicter.register{value: 0.04 ether}();
}
Run with: forge test --match-test test_TheOrganizarCanNotSelfRegister -vvv
Recommended Mitigation
Add the new error:
error ThePredicter__IncorrectEntranceFee();
error ThePredicter__RegistrationIsOver();
error ThePredicter__IncorrectPredictionFee();
error ThePredicter__AllPlacesAreTaken();
error ThePredicter__CannotParticipateTwice();
error ThePredicter__NotEligibleForWithdraw();
error ThePredicter__PredictionsAreClosed();
error ThePredicter__UnauthorizedAccess();
+ error ThePredicter__TheOrganizerCannotSelfRegister();
And add the check on ThePredicter::register
:
function register() public payable {
+ if (msg.sender == organizer) {
+ revert ThePredicter__TheOrganizerCannotSelfRegister();
+ }
if (msg.value != entranceFee) {
revert ThePredicter__IncorrectEntranceFee();
}
if (block.timestamp > START_TIME - 14400) {
revert ThePredicter__RegistrationIsOver();
}
if (playersStatus[msg.sender] == Status.Pending) {
revert ThePredicter__CannotParticipateTwice();
}
playersStatus[msg.sender] = Status.Pending;
}