First Flight #20: The Predicter

First Flight #20

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

The prediction deadline is not calculated correctly.

_frolic

Summary

The prediction deadline is not calculated correctly.

Vulnerability Details

According to the documentation, "Every day from 20:00:00 UTC one match is played. Until 19:00:00 UTC on the day of the match, predictions can be made by any approved Player." Hence the prediction deadline is an hour before the match starts.

The calculation for the prediction deadline:

if (block.timestamp > START_TIME + matchNumber * 68400 - 68400) {

Proof of Concept:
Add code to test file

function test_makePredictionAfterDeadline2() public {

vm.startPrank(stranger);

vm.warp(1);

vm.deal(stranger, 1 ether);

thePredicter.register{value: 0.04 ether}();

vm.stopPrank();

vm.startPrank(organizer);

vm.warp(2);

thePredicter.approvePlayer(stranger);

vm.stopPrank();

//prediction closes at 1723745200

vm.warp(1723752000 - 18000); //5 hours earlier than startime

vm.expectRevert(

abi.encodeWithSelector(ThePredicter__PredictionsAreClosed.selector)

);

vm.startPrank(stranger);

thePredicter.makePrediction{value: 0.0001 ether}(

ScoreBoard.Result.Draw

);

vm.stopPrank();

}

function test_makePredictionAfterDeadline3() public {

vm.startPrank(stranger);

vm.warp(1);

vm.deal(stranger, 1 ether);

thePredicter.register{value: 0.04 ether}();

vm.stopPrank();

vm.startPrank(organizer);

vm.warp(2);

thePredicter.approvePlayer(stranger);

vm.stopPrank();

//prediction closes at 1723752000

vm.warp(1723752000 + 18000); //5 hours after startime

vm.expectRevert(

abi.encodeWithSelector(ThePredicter__PredictionsAreClosed.selector)

);

vm.startPrank(stranger);

thePredicter.makePrediction{value: 0.0001 ether}(

ScoreBoard.Result.Draw

);

vm.stopPrank();

}

Impact

The calculation for the prediction deadline results in the deadline being 19 hours(68400) for the first match and increasing by 5 hours for each subsequent matches.

Tools Used

Manual Analysis

Recommendations

Change the calculation for the prediction deadline.

- if (block.timestamp <= START_TIME + matchNumber * 68400 - 68400)

+ if (block.timestamp <= (START_TIME * (matchNumber + 1)) - 3600)

Updates

Lead Judging Commences

NightHawK Lead Judge 12 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Match timestamps are incorrect

In both contracts there is a similar error in the computation of the timestamps of the matches.

Rewards breakdown

nSLOC

191

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.