First Flight #20: The Predicter

First Flight #20

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Incorrect block.timestamp condition to check eligibility for makePrediction

iamthesvn

Relevant GitHub Links

https://github.com/Cyfrin/2024-07-the-predicter/blob/839bfa56fe0066e7f5610197a6b670c26a4c0879/src/ThePredicter.sol#L93

Summary

The protocol is designed to allow approved players to make predictions until one hour before each match starts daily. However, the current implementation incorrectly calculates the allowed prediction window.

Vulnerability Details

The code in the setPrediction function contains a condition that checks whether the current block timestamp is within the allowed prediction window. The intended window is until one hour before each match starts, but the condition is currently based on a 19-hour window, which is incorrect.

function makePrediction(

uint256 matchNumber,

ScoreBoard.Result prediction

) public payable {

if (msg.value != predictionFee) {

revert ThePredicter__IncorrectPredictionFee();

}

if (block.timestamp > START_TIME + matchNumber * 68400 - 68400) {

//@audit - these numbers mentioned here seem to be wrong. the first number has to be 86400 instead of 68400 and the second number has to be 3600 instead of 86400

revert ThePredicter__PredictionsAreClosed();

}

scoreBoard.confirmPredictionPayment(msg.sender, matchNumber);

scoreBoard.setPrediction(msg.sender, matchNumber, prediction);

Incorrect Condition:

if (block.timestamp <= START_TIME + matchNumber * 68400 - 68400)

• block.timestamp: The current timestamp in seconds.
• START_TIME: The starting time of the tournament.
• matchNumber * 68400: Multiplies the match number by 68400 seconds (19 hours).
• START_TIME + (matchNumber * 68400) - 68400: This simplifies to START_TIME, which is not correct because users should be allowed to set predictions until one hour before the match starts.

Analysis:
• 68400 seconds is equivalent to 19 hours.
• The intended window should be START_TIME + matchNumber * 86400 - 3600, where 86400 seconds is one day and 3600 seconds is one hour.
The incorrect calculation allows users to make predictions until 19 hours before the match starts, instead of the intended one hour.

Impact

This vulnerability could affect any participant by not enforcing the correct prediction window. As a result, the protocol will not function as intended, affecting the overall integrity and fairness of the prediction system.

Proof of Concept

Initial Setup: The match is scheduled to start at START_TIME + matchNumber * 86400.
Expected Behavior: Players should be able to make predictions until one hour before this time.
Current Behavior: Due to the incorrect time calculation, players can make predictions until 19 hours before the match, which does not align with the protocol’s intended functionality.

Tools Used

Manual review

Recommendations

Update the condition in the setPrediction function to properly reflect the intended prediction window:
if (block.timestamp <= START_TIME + matchNumber * 86400 - 3600)

Updates

Lead Judging Commences

NightHawK Lead Judge about 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

Match timestamps are incorrect

In both contracts there is a similar error in the computation of the timestamps of the matches.

Rewards breakdown

nSLOC

191

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.