Submission Details
Severity:
A player can re-register once Approved
Summary
There is no check in register() that stops Approved or Canceled players from re-registering again.
Vulnerability Details
The method register() checks if the player status is not Pending then it sets it's status as Pending. An Approved or Canceled players can register themselves again if they want.
function register() public payable {
if (msg.value != entranceFee) {
revert ThePredicter__IncorrectEntranceFee();
}
if (block.timestamp > START_TIME - 14400) {
revert ThePredicter__RegistrationIsOver();
}
if (playersStatus[msg.sender] == Status.Pending) {
revert ThePredicter__CannotParticipateTwice();
}
playersStatus[msg.sender] = Status.Pending;
}
Impact
If a player is Approved twice by mistake, it'll create a duplicate entry in player[]
Tools Used
VS Code
Recommendations
Revert the transaction if the player status is not Unknown\
function register() public payable {
if (msg.value != entranceFee) {
revert ThePredicter__IncorrectEntranceFee();
}
//@audit See if the check works out well
if (block.timestamp > START_TIME - 14400) {
revert ThePredicter__RegistrationIsOver();
}
//@audit What is the default value of a Status?
if (playersStatus[msg.sender] != Status.Unknown) {
revert ThePredicter__CannotParticipateTwice();
}
playersStatus[msg.sender] = Status.Pending;
}
Rewards breakdown
nSLOC
191This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.