First Flight #20: The Predicter

First Flight #20

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: low

Invalid

Players can make prediction with matchNumber out of the range of matches on `ThePredicter::makePrediction`

0xjoaovictor

Description

Players can make prediction with matchNumber out of the range of matches on ThePredicter::makePrediction

Impact

A player can enter with wrong match number and loss the and pay the prediction fee unecessarily, not having the chance to earn

Proof Of Concept

In the test/ThePredicter.test.sol add the new error:

contract ThePredicterTest is Test {

error ThePredicter__NotEligibleForWithdraw();

error ThePredicter__CannotParticipateTwice();

error ThePredicter__RegistrationIsOver();

error ThePredicter__IncorrectEntranceFee();

error ThePredicter__IncorrectPredictionFee();

error ThePredicter__AllPlacesAreTaken();

error ThePredicter__PredictionsAreClosed();

+ error ThePredicter__IncorrectMatch();

And add the test:

function test_PlayerCanOnlyPlayTheMatchesInTheRange() public {

// setup stranger

vm.startPrank(stranger);

vm.deal(stranger, 1 ether);

thePredicter.register{value: 0.04 ether}();

vm.stopPrank();

// accept stranger

vm.startPrank(organizer);

thePredicter.approvePlayer(stranger);

vm.stopPrank();

// try to play match out of the range

vm.expectRevert(

abi.encodeWithSelector(

ThePredicter__IncorrectMatch.selector

)

);

vm.startPrank(stranger);

thePredicter.makePrediction{value: 0.0001 ether}(

10,

ScoreBoard.Result.Draw

);

vm.stopPrank();

}

Run with: forge test --match-test test_PlayerCanOnlyPlayTheMatchesInTheRange

Recommended Mitigation

Add the new error on src/ThePredicter.sol:

error ThePredicter__IncorrectEntranceFee();

error ThePredicter__RegistrationIsOver();

error ThePredicter__IncorrectPredictionFee();

error ThePredicter__AllPlacesAreTaken();

error ThePredicter__CannotParticipateTwice();

error ThePredicter__NotEligibleForWithdraw();

error ThePredicter__PredictionsAreClosed();

error ThePredicter__UnauthorizedAccess();

+ error ThePredicter__IncorrectMatch();

And add the check on makePrediction:

function makePrediction(

uint256 matchNumber,

ScoreBoard.Result prediction

) public payable {

+ if (matchNumber >= NUM_MATCHES) {

+ revert ThePredicter__IncorrectMatch();

+ }

if (msg.value != predictionFee) {

revert ThePredicter__IncorrectPredictionFee();

}

if (block.timestamp > START_TIME + matchNumber * 68400 - 68400) {

revert ThePredicter__PredictionsAreClosed();

}

scoreBoard.confirmPredictionPayment(msg.sender, matchNumber);

scoreBoard.setPrediction(msg.sender, matchNumber, prediction);

}

Updates

Lead Judging Commences

NightHawK Lead Judge 11 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

191

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.