First Flight #20: The Predicter

First Flight #20

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

Unauthorized Prediction Modification

frontrunner

Summary

A critical vulnerability exists in the setPrediction function of the scoreboard contract, allowing unauthorized users to alter the predictions of any player. This flaw can lead to financial losses for players and undermines the integrity of the prediction system.

Vulnerability Details

The setPrediction function is intended to allow players to set their predictions for a specific match. However, the function lacks proper access control, enabling any user to modify the predictions of any player. The relevant code snippet is as follows:

function setPrediction(

address player,

uint256 matchNumber,

Result result

) public {

// Incorrect time check for prediction submission

if (block.timestamp <= START_TIME + matchNumber * 68400 - 68400) {

// No access control, allowing any user to set predictions for any player

- playersPredictions[player].predictions[matchNumber] = result;

playersPredictions[player].predictionsCount = 0;

for (uint256 i = 0; i < NUM_MATCHES; ++i) {

if (

playersPredictions[player].predictions[i] != Result.Pending &&

playersPredictions[player].isPaid[i]

) ++playersPredictions[player].predictionsCount;

}

Impact

Any user who isn't even part of the registered or approved 30 players can call the setPrediction function and alter the predictions of any player. This could be used maliciously to sabotage other players' predictions, leading to incorrect outcomes and financial losses for affected players. Players' trust in the system is compromised when predictions can be altered by unauthorized parties. This undermines the integrity of the entire prediction system.

Tools Used

Recommendations

Ensure that only the player who owns the prediction can modify it. Use msg.sender to verify the caller's identity before allowing any changes.

function setPrediction(

uint256 matchNumber,

Result result

) public {

require(block.timestamp > START_TIME + matchNumber * 68400 - 68400, "Predictions are closed");

require(playersPredictions[msg.sender].isPaid[matchNumber], "Prediction fee not paid");

playersPredictions[msg.sender].predictions[matchNumber] = result;

playersPredictions[msg.sender].predictionsCount = 0;

for (uint256 i = 0; i < NUM_MATCHES; ++i) {

if (

playersPredictions[msg.sender].predictions[i] != Result.Pending &&

playersPredictions[msg.sender].isPaid[i]

) ++playersPredictions[msg.sender].predictionsCount;

}

Updates

Lead Judging Commences

NightHawK Lead Judge about 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

setPrediction lacks access control

setPrediction has no access control and allows manipulation to Players' predictions.

Rewards breakdown

nSLOC

191

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.