Submission Details
Severity: low
Invalid

Users can enter the bet multiple times when they re-register after they have been approved to take other people's places in the bet

Summary

Players enter the game by calling ThePredicter::register which sets their status to Status.Pending. ThePredicter::register checks whether the player already has a status of Status.Pending and denies registration if so. The organizer can approve the player by calling ThePredicter::approvePlayer which sets the player's status to Status.Approved. Because the player's status is now Status.Approved, the player can call ThePredicter::register again and enter the game multiple times, if the organizer does not check if the player is already entered. As stated in the readme, the organizer wants all his friends to participate in the game, which might not be possible if some players enter multiple times.

Impact

The player can take up multiple slots in the game, increasing their chances of winning.

Tools Used

Manual review

Recommendations

Add a check in the register function for whether the player is already approved.

function register() public payable {
if (msg.value != entranceFee) {
revert ThePredicter__IncorrectEntranceFee();
}
// 14400 == 4 hours
if (block.timestamp > START_TIME - 14400) {
revert ThePredicter__RegistrationIsOver();
}
+ if (playersStatus[msg.sender] == Status.Pending || playersStatus[msg.sender] == Status.Approved) {
- if (playersStatus[msg.sender] == Status.Pending) {
revert ThePredicter__CannotParticipateTwice();
}
playersStatus[msg.sender] = Status.Pending;
}
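
Review bot: the new condition on the `+` line names Pending and Approved explicitly, so any other Status value still passes the guard and falls through to `playersStatus[msg.sender] = Status.Pending`. If the intent is one registration per address, state that in a comment above the check and confirm that every remaining Status value is meant to allow re-registration. A test that calls register, then approvePlayer, then register again and expects ThePredicter__CannotParticipateTwice would pin the fixed behaviour. The `+` line is also placed before the `-` line it replaces; the usual order is removal first.
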
Updates

Lead Judging Commences

NightHawK Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
