The smart contracts ThePredicter and ScoreBoard contain a vulnerability where match prediction deadlines are incorrectly calculated. The contracts use a 19-hour interval instead of the intended 23-hour interval, potentially causing predictions to close prematurely and preventing users from participating.
View the code here:
https://github.com/Cyfrin/2024-07-the-predicter/blob/839bfa56fe0066e7f5610197a6b670c26a4c0879/src/ScoreBoard.sol#L66
https://github.com/Cyfrin/2024-07-the-predicter/blob/839bfa56fe0066e7f5610197a6b670c26a4c0879/src/ThePredicter.sol#L93C6-L95C10
In the ThePredicter contract, the makePrediction function contains the following condition:
Similarly, in the ScoreBoard contract, the setPrediction function uses:
The match prediction deadline is said to be 19:00:00 (UTC) every match day, which is just one hour before the START_TIME and 23 hours away from the START_TIME on the following match day. In both cases, the value 68400 represents 19 hours in seconds (68400 / 3600 = 19). This results in prediction deadlines being set every 19 hours after the START_TIME, instead of the intended 23 hours. 19 hours from the START_TIME is 15:00:00 (UTC) on the following match day, which means predictions close early.
When matchNumber = 2,
START_TIME + 2*68400 - 68400 = START_TIME + 68400 (this is 19 hours after START_TIME, which is 15:00:00 (UTC) on the second match day)
This vulnerability has several potential impacts:
Users may be unexpectedly prevented from making predictions due to premature closure of prediction windows.
The game's fairness is compromised as the timing doesn't align with the intended match schedule.
It could lead to confusion and frustration among users, potentially damaging the platform's reputation.
In extreme cases, it might allow malicious actors to exploit the timing discrepancy for unfair advantages.
The severity of this vulnerability is considered HIGH due to its direct impact on the core functionality of the prediction game and its potential to affect all users of the platform.
Manual code review
To fix this vulnerability, the following changes are recommended:
In the ThePredicter contract, modify the makePrediction function:
In the ScoreBoard contract, update the setPrediction function:
These changes replace 68400 (19 hours in seconds) with 86400 (24 hours in seconds), so that prediction deadlines fall at 24-hour intervals after the START_TIME, and then subtract 25 hours (90000 seconds) from the sum. This puts the deadline an hour before the START_TIME on the first day and an hour before 20:00:00 (UTC) on every consecutive day. This is shown below:
When matchNumber = 1,
time = START_TIME + 1*86400 - 90000
time = START_TIME - 3600 (which is 19:00:00 (UTC) on the first match day)
When matchNumber = 2,
time = START_TIME + 2*86400 - 90000
time = START_TIME + 82800 (which is 19:00:00 (UTC) on the second match day, 23 hours after the START_TIME)
When matchNumber = 3,
time = START_TIME + 3*86400 - 90000
time = START_TIME + 169200 (which is 19:00:00 (UTC) on the third match day, 47 hours after the START_TIME)
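The arithmetic above can be checked off-chain before redeploying. The following Python model is an added example, not code from the contracts or from the original finding: it compares the reported 68400-second formula and the recommended 86400/90000 formula against the stated rule of 19:00:00 (UTC) on each match day. The function names are hypothetical, and the calendar date used for START_TIME is a constructed placeholder (the page only gives the 20:00:00 UTC time of day).

```python
from datetime import datetime, timedelta, timezone

# Constructed value: only the 20:00:00 UTC time of day comes from the page;
# the date is a placeholder, not the contract's real START_TIME.
START_TIME = int(datetime(2024, 1, 1, 20, 0, tzinfo=timezone.utc).timestamp())

def deadline_reported(match_number: int) -> int:
    """Cutoff as described in the finding: 68400 s (19 h) per match."""
    return START_TIME + match_number * 68400 - 68400

def deadline_fixed(match_number: int) -> int:
    """Cutoff from the recommendation: 86400 s per match, minus 90000 s (25 h)."""
    return START_TIME + match_number * 86400 - 90000

def deadline_intended(match_number: int) -> int:
    """Stated rule: 19:00:00 UTC on the match's own day, one hour before kickoff."""
    kickoff = datetime.fromtimestamp(START_TIME, timezone.utc) + timedelta(
        days=match_number - 1
    )
    return int(kickoff.replace(hour=19, minute=0, second=0).timestamp())

def drift_seconds(formula, match_number: int) -> int:
    """Positive: the window closes early. Negative: it stays open too long."""
    return deadline_intended(match_number) - formula(match_number)

def report(matches=range(1, 4)):
    """Return (match, drift of reported formula, drift of fixed formula) rows."""
    return [
        (n, drift_seconds(deadline_reported, n), drift_seconds(deadline_fixed, n))
        for n in matches
    ]

if __name__ == "__main__":
    for n, bad, good in report():
        cutoff = datetime.fromtimestamp(deadline_reported(n), timezone.utc)
        print(
            f"match {n}: reported cutoff {cutoff:%a %H:%M} UTC, "
            f"drift {bad / 3600:+.0f} h, fixed drift {good / 3600:+.0f} h"
        )
```

For match 2 the reported formula closes the window 4 hours early (15:00 instead of 19:00), and the gap grows by 5 hours with each further match, while the recommended formula has zero drift for every match number.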
In both contracts there is a similar error in the computation of the timestamps of the matches.