First Flight #20: The Predicter

First Flight #20

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Invalid

player don't need to pay the prediction fee again for the same match if have paid

bytesflow007

Summary

As the doc shows, So should add more logic to complete this feature

Ivan also has to pay this fee. No second prediction fee is due if any Player desires to change an already paid prediction.

Vulnerability Details

Lack the validation: if player have paid the prediciton fee for the same match

function makePrediction(

uint256 matchNumber,

ScoreBoard.Result prediction

) public payable {

if (msg.value != predictionFee) {

revert ThePredicter__IncorrectPredictionFee();

}

if (block.timestamp > START_TIME + matchNumber * 68400 - 68400) {

revert ThePredicter__PredictionsAreClosed();

}

scoreBoard.confirmPredictionPayment(msg.sender, matchNumber);

scoreBoard.setPrediction(msg.sender, matchNumber, prediction);

}

Impact

Doesn't implement the feature in the doc.

Tools Used

Recommendations

add the logic: if player has paid for this match and select a different prediction, no need to pay fee to change the prediciton.

// ThePredicter contract

uint64 private constant MATCH_DURATION = 68400; // 24 hours

uint64 private constant PREDICTION_DURATION = 3600; // 1 hour

error ThePredicter__PaidAndSelectSamePrediction();

function makePrediction(

uint256 matchNumber,

ScoreBoard.Result prediction

) public payable onlyPlayer {

if (

block.timestamp >

START_TIME + matchNumber * MATCH_DURATION - PREDICTION_DURATION

) {

revert ThePredicter__PredictionsAreClosed();

}

// check if player has played this round

(bool isPayed, ScoreBoard.Result result) = scoreBoard.playerPredictions(

msg.sender,

matchNumber

);

if (isPayed) {

if (result == prediction) {

revert ThePredicter__PaidAndSelectSamePrediction();

}

} else {

if (msg.value != predictionFee) {

revert ThePredicter__IncorrectPredictionFee();

}

scoreBoard.confirmPredictionPayment(msg.sender, matchNumber);

}

scoreBoard.setPrediction(msg.sender, matchNumber, prediction);

}

// ScoreBoard contract

function playerPredictions(

address player,

uint256 matchNumber

) public view returns (bool isPaid, Result result) {

require(matchNumber < NUM_MATCHES, "Invalid match number");

return (

playersPredictions[player].isPaid[matchNumber],

playersPredictions[player].predictions[matchNumber]

);

}

Updates

Lead Judging Commences

NightHawK Lead Judge 12 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Appeal created

bytesflow007 Submitter

12 months ago

NightHawK Lead Judge

12 months ago

bytesflow007 Submitter

12 months ago

NightHawK Lead Judge 12 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

nSLOC

191

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.