First Flight #20: The Predicter

First Flight #20

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

ThePredicter::makePrediction && ScoreBoard::setPrediction check for deadline for daily prediction is not accurate

josh4324

Summary

The check for the daily prediction deadline is not accurate. This flaw could lead to predictions being accepted outside the intended time window, compromising the integrity of the betting process.

Vulnerability Details

The makePrediction function's check for the daily prediction deadline is not accurately implemented, it does not allow users to make predictions in the intended time frame (until 19:00:00 UTC on the day of the match). Below is the Deadline for Day 0 - 4 according to the function.

// Day 0 - 2024-08-15T01:00:00.000Z
// Day 1 - 2024-08-15T20:00:00.000Z
// Day 2 - 2024-08-16T15:00:00.000Z
// Day 3 - 2024-08-17T10:00:00.000Z

Players need to make predictions earlier than specified in the documentation

function makePrediction(

uint256 matchNumber,

ScoreBoard.Result prediction

) public payable {

if (msg.value != predictionFee) {

revert ThePredicter__IncorrectPredictionFee();

}

// Day 1 - 2024-08-15T01:00:00.000Z

// Day 2 - 2024-08-15T20:00:00.000Z

// Day 3 - 2024-08-16T15:00:00.000Z

// Day 4 - 2024-08-17T10:00:00.000Z

//@audit Betting Date has been disrupted - not according to docs

@> if (block.timestamp > START_TIME + matchNumber * 68400 - 68400) {

@> revert ThePredicter__PredictionsAreClosed();

}

scoreBoard.confirmPredictionPayment(msg.sender, matchNumber);

scoreBoard.setPrediction(msg.sender, matchNumber, prediction);

}

function setPrediction(

address player,

uint256 matchNumber,

Result result

) public {

@> if (block.timestamp <= START_TIME + matchNumber * 68400 - 68400)

playersPredictions[player].predictions[matchNumber] = result;

playersPredictions[player].predictionsCount = 0;

for (uint256 i = 0; i < NUM_MATCHES; ++i) {

if (

playersPredictions[player].predictions[i] != Result.Pending &&

playersPredictions[player].isPaid[i]

) ++playersPredictions[player].predictionsCount;

}

Impact

Players may miss out on making predictions for certain match if they follow the deadline mentioned in the documentation

Tools Used

Manual Review

Recommendations

The deadline check should be rewritten to make sure 19:00:00 UTC is deadline for every match day

Updates

Lead Judging Commences

NightHawK Lead Judge about 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

Match timestamps are incorrect

In both contracts there is a similar error in the computation of the timestamps of the matches.

Rewards breakdown

nSLOC

191

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.