Submission Details
Severity:
Users can register as player more than once
Description
To find if a User has already registered, the following condition is looked at : playersStatus[msg.sender] == Status.Pending
It means that if the User is already Approved, they can register again.
Impact
1/ Loss of funds for the User.
2/ Less 'real' Players can be added because User takes a slot in players[].
PoC
Add this Getter in ThePredicter.sol :
function getPlayersLength() public view returns (uint256 count) {
return players.length;
}
Add this test at the end of the test file and run it :
forge test --mt test_cannotRegisterIfAlreadyApproved
function test_cannotRegisterIfAlreadyApproved() public {
vm.prank(stranger);
vm.warp(1);
vm.deal(stranger, 1 ether);
thePredicter.register{value: 0.04 ether}();
vm.warp(2);
vm.prank(organizer);
thePredicter.approvePlayer(stranger);
vm.prank(stranger);
// Should revert, but will not because organizer approved before
// vm.expectRevert(abi.encodeWithSelector(ThePredicter__CannotParticipateTwice.selector));
thePredicter.register{value: 0.04 ether}();
// Organizer approves a second time the same player
vm.prank(organizer);
thePredicter.approvePlayer(stranger);
// The same player takes two slots in the players array
assertEq(2, thePredicter.getPlayersLength());
assertEq(stranger.balance, 0.92 ether);
}
Recommendations
Update the condition in ThePredicter.register() to also revert if a player is already approved :
if (playersStatus[msg.sender] == Status.Pending || playersStatus[msg.sender] == Status.Approved) {
revert ThePredicter__CannotParticipateTwice();
}
Rewards breakdown
nSLOC
191This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.