First Flight #20: The Predicter

First Flight #20

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: low

Invalid

[L-1] Lack of Zero Value Checks on ThePredicter::entranceFee and ThePredicter::predictionFee.

ayamercy

Summary

The constructor of the ThePredicter smart contract does not validate that entranceFee and predictionFee are non-zero, which could result in unintended contract behavior or abuse.

Vulnerability Details

The ThePredicter smart contract allows the organizer to set the entranceFee and predictionFee during deployment. However, the constructor does not include checks to ensure these values are greater than zero. This oversight can lead to potential issues such as:

Zero Fee Exploits: Allowing zero fees may enable users to participate in predictions or enter the system without any financial commitment, which could lead to spam or abuse of the system.
Economic Instability: The economic model of the contract relies on these fees to function correctly. Zero fees could disrupt the intended economic incentives, leading to unintended behavior or financial losses.

constructor(

address _scoreBoard,

uint256 _entranceFee,

uint256 _predictionFee

) {

organizer = msg.sender;

scoreBoard = ScoreBoard(_scoreBoard);

@> entranceFee = _entranceFee;

@> predictionFee = _predictionFee;

}

Impact

Prize Pool Distortion:
Null entrance fees directly affect the total prize amount available, resulting in no rewards for winners.
This could make the game significantly less attractive to potential players, as there are no rewards.
The absence of a prize pool eliminates the primary incentive for participation in the prediction game.
Unfairness:
Players are paying fees but getting nothing in return, even if they win.
This creates a fundamentally unfair system where participants bear costs without the possibility of rewards.
Players may find it difficult to assess the risk-reward ratio of participating, as there is only risk and no potential reward. This imbalance is likely to lead to reduced engagement and potentially a complete loss of player base.
Operational Sustainability:
This threatens the basic operational viability of the game, as there are no resources to cover essential costs.
The inability to fund the physical space for the game could lead to its cancellation or suspension.

Tools Used

Manual review.

Recommendations:

Add zero checks to the entered fees by making the following changes to ThePredicter contract:

+ error ThePredicter__ZeroEntranceFee();

+ error ThePredicter__ZeroPredictionFee();

constructor(

address _scoreBoard,

uint256 _entranceFee,

uint256 _predictionFee

) {

+ if(_entranceFee == 0){

+ revert ThePredicter__ZeroEntranceFee();

+ }

+ if(_predictionFee == 0){

+ revert ThePredicter__ZeroPredictionFee();

+ }

organizer = msg.sender;

scoreBoard = ScoreBoard(_scoreBoard);

entranceFee = _entranceFee;

predictionFee = _predictionFee;

}

Updates

Lead Judging Commences

NightHawK Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

191

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.