First Flight #20: The Predicter
First Flight #20
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

Zero MaxScore Scenario Leads to Reward Distribution Failure

yaioxy

Summary

The ThePredicter::withdraw function fails to handle scenarios where the maximum score (maxScore) is zero, leading to a division by zero error and preventing reward distribution.

Vulnerability Details

In the withdraw function, the case where score is 0 or negative value, and maxScore is 0. This scenario bypasses the initial revert check if (maxScore > 0 && score <= 0). Then the reward calculation then uses a ternary operator:

reward = maxScore < 0 ? entranceFee : (shares * players.length * entranceFee) / totalShares;

With maxScore being 0, it chooses the second option, leading to:

reward = (shares * players.length * entranceFee) / totalShares;

However, totalShares will also be 0, causing a division by zero error and the function to revert.

Impact

This vulnerability prevents any rewards from being distributed when all players have non-positive scores. It effectively locks the funds in the contract under these circumstances, as the withdraw function will always revert.

Tools Used

Manual review

Recommendations

- reward = maxScore < 0 ? entranceFee : (shares * players.length * entranceFee) / totalShares;
+ reward = maxScore =< 0 ? entranceFee : (shares * players.length * entranceFee) / totalShares;
Updates

Lead Judging Commences

NightHawK Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Possible maxScore of zero is not accounted

The checks related to maxScore do not account possible maxScore of zero leading to stuck funds or a division by zero error.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.