The ScoreBoard smart contract lacks a reliable mechanism for verifying prediction payments. This allows the designated thePredicter to confirm payments without actual proof, creating the potential for fraud and manipulation of the system.
The confirmPredictionPayment function in the ScoreBoard contract simply marks a prediction as paid based on a call from thePredicter. There is no requirement for proof of payment, such as a transaction hash or any other form of verification. This can be exploited in the following ways:
False Payment Confirmation: thePredicter could mark predictions as paid even if the players have not actually sent any funds. This could be done to favor certain players or to manipulate the outcome of the prediction contest.
Denial of Valid Payments: thePredicter could refuse to confirm legitimate payments from players, preventing them from participating in the contest or receiving rewards.
Players who haven't paid could be awarded prizes, while those who have paid legitimately could be denied.
Manual review
Require thePredicter to provide proof of payment, such as a transaction hash, before confirming a payment. This proof could be stored on-chain for future reference.
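One way the recommendation above could look in Solidity, as an added sketch that is not the audited ScoreBoard source. The storage layout, the paymentRef parameter, and the event and error names are assumptions; only ScoreBoard, thePredicter and confirmPredictionPayment come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; not the audited ScoreBoard source. Storage layout,
// event and error names, and the paymentRef parameter are assumptions.
contract ScoreBoardSketch {
    address public immutable thePredicter;

    // player => matchNumber => payment reference (zero means unpaid)
    mapping(address => mapping(uint256 => bytes32)) public paymentRefOf;
    // each reference may back only one confirmation
    mapping(bytes32 => bool) public refUsed;

    event PredictionPaymentConfirmed(
        address indexed player, uint256 indexed matchNumber, bytes32 paymentRef
    );

    error NotThePredicter();
    error MissingPaymentRef();
    error PaymentRefReused();
    error AlreadyConfirmed();

    constructor(address _thePredicter) {
        thePredicter = _thePredicter;
    }

    modifier onlyThePredicter() {
        if (msg.sender != thePredicter) revert NotThePredicter();
        _;
    }

    // The EVM cannot look up a transaction by its hash, so the reference is
    // recorded and emitted for off-chain audit rather than verified here.
    function confirmPredictionPayment(address player, uint256 matchNumber, bytes32 paymentRef)
        external
        onlyThePredicter
    {
        if (paymentRef == bytes32(0)) revert MissingPaymentRef();
        if (refUsed[paymentRef]) revert PaymentRefReused();
        if (paymentRefOf[player][matchNumber] != bytes32(0)) revert AlreadyConfirmed();
        refUsed[paymentRef] = true;
        paymentRefOf[player][matchNumber] = paymentRef;
        emit PredictionPaymentConfirmed(player, matchNumber, paymentRef);
    }

    function isPaid(address player, uint256 matchNumber) external view returns (bool) {
        return paymentRefOf[player][matchNumber] != bytes32(0);
    }
}
```

Rejecting a zero or reused reference means every confirmation leaves a distinct, queryable record that reviewers can compare against actual transfers.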