Submission Details
Severity: medium
Invalid

ThePredicter::register is missing a status check: an approved player can register

Relevant GitHub Links

https://github.com/Cyfrin/2024-07-the-predicter/blob/main/src/ThePredicter.sol#L72

Summary

The register function does not check whether the player already has the Status.Approved status. A player who registers again therefore loses the approved status and pays the entry fee a second time.

Impact

The player loses his approved status and pays the entry fee again.

It can also create duplicates in the player list.

Proof of Concept

Include this test in ThePredicterTest.sol:

    function test_PlayerAlreadyApprovedRegister() public {
        // The player registers
        vm.startPrank(stranger);
        vm.deal(stranger, 1 ether);
        thePredicter.register{value: 0.04 ether}();
        vm.stopPrank();

        // The organizer approves the player
        vm.startPrank(organizer);
        thePredicter.approvePlayer(stranger);
        assertEq(
            uint(thePredicter.playersStatus(stranger)),
            uint(ThePredicter.Status.Approved)
        );
        vm.stopPrank();

        // The player registers once again and loses the approved status
        vm.startPrank(stranger);
        thePredicter.register{value: 0.04 ether}();
        vm.stopPrank();
        assertEq(
            uint(thePredicter.playersStatus(stranger)),
            uint(ThePredicter.Status.Pending)
        );
    }

Tools Used

Foundry and manual review

Recommendations

Implement a check in the register function to ensure that a player with approved status cannot re-register.
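
One way to implement this check, shown as an added example on a simplified model contract; it is not the ThePredicter source. The contract name, the custom errors, the Unknown enum value, the constructor and playersCount are assumptions; only register, approvePlayer, playersStatus and the Pending/Approved values come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: a simplified model, NOT the ThePredicter source.
// Everything except register, approvePlayer, playersStatus and the
// Pending / Approved status values is an assumption made for this example.
contract RegistrationModel {
    enum Status { Unknown, Pending, Approved }

    error IncorrectEntranceFee();
    error AlreadyRegistered(Status current);
    error NotOrganizer();
    error NotPending();

    address public immutable organizer;
    uint256 public immutable entranceFee;
    mapping(address => Status) public playersStatus;
    address[] public players;

    constructor(uint256 fee) {
        organizer = msg.sender;
        entranceFee = fee;
    }

    function register() external payable {
        if (msg.value != entranceFee) revert IncorrectEntranceFee();
        // Guard: only an address with no recorded status may register.
        // This rejects Pending and Approved alike, so an approved player
        // cannot be reset to Pending, and the revert returns the second fee.
        Status current = playersStatus[msg.sender];
        if (current != Status.Unknown) revert AlreadyRegistered(current);
        playersStatus[msg.sender] = Status.Pending;
    }

    function approvePlayer(address player) external {
        if (msg.sender != organizer) revert NotOrganizer();
        // Approve only from Pending so the player list never holds duplicates.
        if (playersStatus[player] != Status.Pending) revert NotPending();
        playersStatus[player] = Status.Approved;
        players.push(player);
    }

    function playersCount() external view returns (uint256) {
        return players.length;
    }
}
```

With a guard of this shape in place, the second register call in the proof of concept reverts, so the final assertion on Status.Pending no longer holds and the test should instead expect the revert.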

Updates

Lead Judging Commences

NightHawK Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
