First Flight #20: The Predicter

First Flight #20

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: low

Invalid

Inconsistent State Updates in setPrediction()

bryanconquer

Vulnerability Details

The line playersPredictions[player].predictionsCount = 0; resets the predictionsCount to 0 before it loops through all matches to recalculate it based on the current predictions and payments. If an error occurs during the loop or if the loop is interrupted, the predictionsCount might not be correctly updated, leaving the state inconsistent. For example, if the loop starts but doesn't complete due to an unexpected error or gas limit, predictionsCount could be left at an incorrect value.

function setPrediction(

address player,

uint256 matchNumber,

Result result

) public {

if (block.timestamp <= START_TIME + matchNumber * 68400 - 68400)

playersPredictions[player].predictions[matchNumber] = result;

playersPredictions[player].predictionsCount = 0;

for (uint256 i = 0; i < NUM_MATCHES; ++i) {

if (

playersPredictions[player].predictions[i] != Result.Pending &&

playersPredictions[player].isPaid[i]

) ++playersPredictions[player].predictionsCount;

}

Impact

low : The predictionsCount might not be correctly updated, leaving the state inconsistent.

Tools Used

manual Review

Recommendations

By refactoring the function to separate the concerns of setting a prediction and updating the count, and by using more robust condition checks, the function becomes more reliable and efficient, reducing the risk of state inconsistencies.

Here’s a potential refactor of the setPrediction function to improve state consistency and efficiency:

function setPrediction(

address player,

uint256 matchNumber,

Result result

) public {

// Ensure the prediction is being set before the match starts

require(block.timestamp <= START_TIME + matchNumber * 68400 - 68400, "Prediction window has closed");

// Set the prediction for the specified match

playersPredictions[player].predictions[matchNumber] = result;

// Update the predictions count more efficiently

if (playersPredictions[player].isPaid[matchNumber]) {

if (result != Result.Pending) {

// Increase count if previously pending and now a valid prediction

playersPredictions[player].predictionsCount++;

} else {

// Decrease count if previously valid and now pending

playersPredictions[player].predictionsCount--;

}

Updates

Lead Judging Commences

NightHawK Lead Judge 11 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

nSLOC

191

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.