Submission Details
Severity: high
Valid

Lack of Access Control, Denial of Service (DoS) Attack on setPrediction

Summary

The setPrediction function in the ScoreBoard contract lacks access control. An attacker can exploit this to cause a Denial of Service (DoS) attack.

By repeatedly calling this function, the attacker can consume significant gas and potentially prevent legitimate users from interacting with the contract.

Vulnerability Details

    // Unauthorized address sets a prediction
    function testStrangerCanSetPrediction() public {
        test_unauthorizedcanWithdrawRewardsTwice();
        vm.startPrank(stranger9);
        vm.deal(stranger9, 1 ether);
        scoreBoard.setPrediction(
            stranger9,
            1,
            ScoreBoard.Result.Draw // prediction
        );
        vm.stopPrank();
    }

setPrediction() in the ScoreBoard contract lacks proper access control, allowing any user to call it directly.

Impact

This vulnerability can lead to a Denial of Service (DoS), where legitimate users are unable to update their predictions or interact with the contract due to excessive gas consumption caused by the attacker.

Tools Used

Manual review

Recommendations

Add access control to the function setPrediction().
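
One way to implement this recommendation, with a regression test, as an added example that is not part of the original submission or the project's code. The contract name GuardedScoreBoard, the predictionSetter address, the NotAuthorized error, the storage layout and the enum members other than Draw are assumptions; the test requires Foundry's forge-std.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Hypothetical, simplified stand-in for ScoreBoard (not the audited source).
contract GuardedScoreBoard {
    enum Result { Pending, Win, Draw, Lose } // only Draw appears in the report
    error NotAuthorized(address caller);
    // Assumption: a single trusted contract or account records predictions.
    address public immutable predictionSetter;
    mapping(address => mapping(uint256 => Result)) public predictions;

    constructor(address setter) { predictionSetter = setter; }

    modifier onlyPredictionSetter() {
        if (msg.sender != predictionSetter) revert NotAuthorized(msg.sender);
        _;
    }

    // Same argument order as the call in the report's test.
    function setPrediction(address player, uint256 matchNumber, Result result) external onlyPredictionSetter {
        predictions[player][matchNumber] = result;
    }
}

contract GuardedScoreBoardTest is Test {
    address setter = makeAddr("setter");       // constructed test address
    address stranger9 = makeAddr("stranger9"); // constructed test address
    GuardedScoreBoard board;

    function setUp() public { board = new GuardedScoreBoard(setter); }

    function testStrangerCannotSetPrediction() public {
        vm.expectRevert(abi.encodeWithSelector(GuardedScoreBoard.NotAuthorized.selector, stranger9));
        vm.prank(stranger9);
        board.setPrediction(stranger9, 1, GuardedScoreBoard.Result.Draw);
    }

    function testSetterCanSetPrediction() public {
        vm.prank(setter);
        board.setPrediction(stranger9, 1, GuardedScoreBoard.Result.Draw);
        assertEq(uint256(board.predictions(stranger9, 1)), uint256(GuardedScoreBoard.Result.Draw));
    }
}
```

The first test is the inverse of testStrangerCanSetPrediction above: the same call from stranger9 must now revert, while the authorized caller still succeeds.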

Updates

Lead Judging Commences

NightHawK Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

setPrediction lacks access control

setPrediction has no access control and allows manipulation to Players' predictions.
