Submission Details
Severity:
The wrong logic while calculating the reward, which leads all winners will receive more profit than expected
Summary
As the doc describe as below, but the code apply all players instead of the players with a positive number of points.
The prize fund is distributed in proportion to the points collected by all Players with a positive number of points
Vulnerability Details
Impact
All winners will receive more profit than expeceted
Tools Used
Manual
Recommendations
Add playerNumWithPositivePoints logic in withdraw functions
function withdraw() public {
if (!scoreBoard.isEligibleForReward(msg.sender)) {
revert ThePredicter__NotEligibleForWithdraw();
}
int8 score = scoreBoard.getPlayerScore(msg.sender);
int8 maxScore = -1;
int256 totalPositivePoints = 0;
uint256 playerNumWithPositivePoints; // added
for (uint256 i = 0; i < players.length; ++i) {
int8 cScore = scoreBoard.getPlayerScore(players[i]);
if (cScore > maxScore) maxScore = cScore;
if (cScore > 0) {
totalPositivePoints += cScore;
++playerNumWithPositivePoints; // added
}
}
if (maxScore > 0 && score <= 0) {
revert ThePredicter__NotEligibleForWithdraw();
}
uint256 shares = uint8(score);
uint256 totalShares = uint256(totalPositivePoints);
uint256 reward = 0;
reward = maxScore < 0
? entranceFee
: (shares * playerNumWithPositivePoints.length * entranceFee) / totalShares; // players=>playerNumWithPositivePoints
if (reward > 0) {
scoreBoard.clearPredictionsCount(msg.sender);
(bool success, ) = msg.sender.call{value: reward}("");
require(success, "Failed to withdraw");
}
}
}
}
Rewards breakdown
nSLOC
191This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.