Summary

The protocol intends predictions to be made by any approved Player until 19:00:00 UTC on the day of each match.

When user makes a prediction using ThePredicter::makePrediction function an if-statement is put in place to check whether the prediction is made before this hour both in ThePredicter::makePrediction and ScoreBoard::setPrediction

The calculation made for the timestamp check won`t return the correct time window for making predictions, reverting the operation.

Vulnerability Details

By calling the ThePredicter::makePrediction function for the n-th match, the if-statement checks current time > Thu Aug 15 2024 20:00:00 GMT+0000 + n-th match* 19hrs - 19hrs.
For example - the calculation for the third match will result in the check current time > Sat Aug 17 2024 10:00:00 GMT+0000 , thus making predictions impossible between 10:00h and 19:00h.

Paste the following code in the test suite as an example for the 1st and 3rd match.

It should be taken into consideration that there is another timestamp check in the external call to ScoreBoard::setPrediction and there is a possibility for conflict.

Impact

Implemented as such, the timestamp check renders making predictions impossible in the intended by the protocol time window.

Tools Used

Foundry, Manual review

Recommendations

Change the calculation of the timestamp to check if current time > Thu Aug 15 2024 00:00:00 GMT+0000 + matchNumber * 24hrs - 5 hrs in the if-statement in l.93::ThePredicter.sol and delete the l.66:ScoreBoard.sol if-statement, or vice versa.