First Flight #20: The Predicter

First Flight #20

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Prediciton time should be 1 hour before the match

bytesflow007

Summary

**Current code logic, user can makePrediction before one day, but the doc require **

Every day from 20:00:00 UTC one match is played. Until 19:00:00 UTC on the day of the match, predictions can be made by any approved Player.

Vulnerability Details

Should take second 68400 as 3600

function makePrediction(

uint256 matchNumber,

ScoreBoard.Result prediction

) public payable {

if (msg.value != predictionFee) {

revert ThePredicter__IncorrectPredictionFee();

}

if (block.timestamp > START_TIME + matchNumber * 68400 - 68400) {// 68400 => 3600

revert ThePredicter__PredictionsAreClosed();

}

scoreBoard.confirmPredictionPayment(msg.sender, matchNumber);

scoreBoard.setPrediction(msg.sender, matchNumber, prediction);

}

Impact

** Break the design logic, for the first match, even before the register time, player can also make prediciton START_TIME + 0 * 68400 - 68400 < START_TIME - 14400**

Tools Used

manual

Recommendations

Meanwhile should

Check the matchNumber, prevent the necessary operations.
Modify the related logic in setPrediction.

uint256 private constant NUM_MATCHES = 9;

error ThePredicter__BeyondMatchNumbers();

function makePrediction(

uint256 matchNumber,

ScoreBoard.Result prediction

) public payable {

if(matchNumber >= NUM_MATCHES) {

revert ThePredicter__BeyondMatchNumbers();

}

if (msg.value != predictionFee) {

revert ThePredicter__IncorrectPredictionFee();

}

if (block.timestamp > START_TIME + matchNumber * 68400 - 3600) {// 68400 => 3600

revert ThePredicter__PredictionsAreClosed();

}

scoreBoard.confirmPredictionPayment(msg.sender, matchNumber);

scoreBoard.setPrediction(msg.sender, matchNumber, prediction);

}

function setPrediction(

address player,

uint256 matchNumber,

Result result

) public onlyThePredicter {

if (block.timestamp <= START_TIME + matchNumber * 68400 - 3600)// 68400 => 3600

playersPredictions[player].predictions[matchNumber] = result;

playersPredictions[player].predictionsCount = 0;

for (uint256 i = 0; i < NUM_MATCHES; ++i) {

if (

playersPredictions[player].predictions[i] != Result.Pending &&

playersPredictions[player].isPaid[i]

) ++playersPredictions[player].predictionsCount;

}

Updates

Lead Judging Commences

NightHawK Lead Judge 11 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Match timestamps are incorrect

In both contracts there is a similar error in the computation of the timestamps of the matches.

Rewards breakdown

nSLOC

191

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.