Summary
As the documentation describes, Ivan should be a player, and the maximum number of players is 30.
Ivan has the roles of both Organizer and Player.
Ivan's 15 friends are Players. These 16 people are considered honest and trusted.
Ivan has found a suitable hall with a capacity of 30 people in which they can watch the matches.
Vulnerability Details
When the smart contract is deployed, Ivan (the organizer) is not added as a player. As the second code snippet shows, Ivan can approve 30 players; together with Ivan that equals 31, which is beyond the capacity of the hall.
All 15 of his friends should pay the entranceFee.
    constructor(
        address _scoreBoard,
        uint256 _entranceFee,
        uint256 _predictionFee
    ) {
        organizer = msg.sender;
        scoreBoard = ScoreBoard(_scoreBoard);
        entranceFee = _entranceFee;
        predictionFee = _predictionFee;
    }

    function approvePlayer(address player) public {
        if (msg.sender != organizer) {
            revert ThePredicter__UnauthorizedAccess();
        }
        if (players.length >= 30) {
            revert ThePredicter__AllPlacesAreTaken();
        }
        if (playersStatus[player] == Status.Pending) {
            playersStatus[player] = Status.Approved;
            players.push(player);
        }
    }
Impact
Doesn't fit the design
Tools Used
Manual
Recommendations
Add Ivan as a player when the contract is deployed.
    constructor(
        address _scoreBoard,
        uint256 _entranceFee,
        uint256 _predictionFee,
        address[] memory friendsAddresses
    ) payable {
        // The constructor reads msg.value, so it must be payable.
        if (msg.value != _entranceFee) {
            revert ThePredicter__IncorrectEntranceFee();
        }
        organizer = msg.sender;
        // Count the organizer as an approved player so he occupies one of the 30 places.
        playersStatus[msg.sender] = Status.Approved;
        players.push(msg.sender);
        // Check the full length before narrowing to uint8; a length of 271 would otherwise truncate to 15.
        require(friendsAddresses.length == 15, "only 15 friends can participate");
        uint8 friendsCount = uint8(friendsAddresses.length);
        uint8 i;
        for (; i < friendsCount; ) {
            playersStatus[friendsAddresses[i]] = Status.Approved;
            players.push(friendsAddresses[i]);
            unchecked {
                ++i;
            }
        }
        scoreBoard = ScoreBoard(_scoreBoard);
        entranceFee = _entranceFee;
        predictionFee = _predictionFee;
    }
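The headcount argument above can be reproduced with a stripped-down model. This is an added example, not ThePredicter's own code: the contract name, the `organizerIsPlayer` switch, `headcount()` and `fillHall()` are hypothetical, registration and fees are left out, and the approved addresses are constructed values.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added model of the approval path only; registration and fees are left out.
contract HallCapacityModel {
    error UnauthorizedAccess();
    error AllPlacesAreTaken();

    uint256 public constant HALL_CAPACITY = 30;
    address public immutable organizer;
    // Hypothetical switch: false = organizer outside `players` (as deployed),
    // true = organizer pushed in the constructor (as recommended).
    bool public immutable organizerIsPlayer;
    address[] public players;
    mapping(address => bool) public approved;

    constructor(bool _organizerIsPlayer) {
        organizer = msg.sender;
        organizerIsPlayer = _organizerIsPlayer;
        if (_organizerIsPlayer) {
            approved[msg.sender] = true;
            players.push(msg.sender);
        }
    }

    // Same cap check as approvePlayer on the page.
    function approvePlayer(address player) public {
        if (msg.sender != organizer) revert UnauthorizedAccess();
        if (players.length >= HALL_CAPACITY) revert AllPlacesAreTaken();
        if (!approved[player]) {
            approved[player] = true;
            players.push(player);
        }
    }

    // People in the hall: the organizer attends whether or not he is in `players`.
    function headcount() public view returns (uint256) {
        return organizerIsPlayer ? players.length : players.length + 1;
    }

    // Approve constructed addresses until the cap is reached, then report the headcount.
    function fillHall() external returns (uint256) {
        for (uint160 i = 1; players.length < HALL_CAPACITY; ++i) {
            approvePlayer(address(i));
        }
        return headcount();
    }
}
```

Deployed with `false`, `fillHall()` called by the organizer reports 31 people for a 30-seat hall; deployed with `true`, the same cap check yields 30.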