First Flight #20: The Predicter
First Flight #20
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Invalid

Incorrect logic in `setPrediction` function

mikb

Summary

The setPrediction function incorrectly resets the predictionsCount to 0 every time it's called, potentially leading to incorrect reward calculations.

Vulnerability Details

In the setPrediction function, the line playersPredictions[player].predictionsCount = 0; resets the count of paid predictions to zero before recalculating it. This occurs every time a prediction is set, even if it's updating an existing prediction.

Impact

This bug leads to players losing their eligibility for rewards if they update their predictions, as their predictionsCount might be reset to a lower number than it should be. It could also allow players to manipulate their prediction count by repeatedly setting predictions.

Tools Used

Manual code review

Recommendations

Remove the line playersPredictions[player].predictionsCount = 0; from the setPrediction function. Instead, only increment the count when a new prediction is made and paid for.

function setPrediction(
address player,
uint256 matchNumber,
Result result
) public onlyThePredicter {
if (block.timestamp <= START_TIME + matchNumber * 68400 - 68400) {
if (playersPredictions[player].predictions[matchNumber] == Result.Pending &&
playersPredictions[player].isPaid[matchNumber]) {
playersPredictions[player].predictionsCount++;
}
playersPredictions[player].predictions[matchNumber] = result;
}
}
Updates

Lead Judging Commences

NightHawK Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.