First Flight #20: The Predicter

First Flight #20

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: low

Invalid

To have balance check for `ThePredicter::withdrawPredictionFees` to avoid transaction with zero fee available to withdraw

soupy

Summary

ThePredicter::withdrawPredictionFees does not have a balance check on prediction fee available which could have caused owner to still proceed the withdraw process even though there isn't any fee available.

Vulnerability Details

In ThePredicter::withdrawPredictionFees, the owner can withdraw prediction fees at anytime. However, there isn't any balance check on the available prediction fees left over for withdrawal, owner could still proceed the withdraw process with no fee received at the end of this transaction call wasting unnecessary gas fees and might also create confusion and addition checks to understand why a succesful withdraw transaction without any value received.

function withdrawPredictionFees() public {

if (msg.sender != organizer) {

revert ThePredicter__NotEligibleForWithdraw();

}

uint256 fees = address(this).balance - players.length * entranceFee;

(bool success, ) = msg.sender.call{value: fees}("");

require(success, "Failed to withdraw");

}

Impact

Owner can still proceed to call this withdraw function even though there isn't any left over prediction fees, wasting unnecessary gas fee

Tools Used

Manual review

Recommendations

To either implement a function where owner can easily enquire the balance of prediction fees available to withdraw or directly implement a check within the withdrawPredictionFees function as below:

function withdrawPredictionFees() public {

if (msg.sender != organizer) {

revert ThePredicter__NotEligibleForWithdraw();

}

uint256 fees = address(this).balance - players.length * entranceFee;

+ if (fees == 0) {

+ revert ThePredicter__NoPredictionFeesAvailable();

+ }

(bool success, ) = msg.sender.call{value: fees}("");

require(success, "Failed to withdraw");

}

Updates

Lead Judging Commences

NightHawK Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

191

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.