Beginner FriendlyFoundry
100 EXP
View results
Submission Details
Severity: medium
Invalid

The state variable `owner` in the `ScoreBoard.sol` contract is changeable and can be alter by any user.

Summary: In the ScoreBoard.sol contract, the owner address variable can be modified by any user. This would compromise the contract's centralized control, allowing anyone to alter scoreboard functions and variables.

Vulnerability Details: The following state variable of ScoreBoard.solcontract is mutable :-

https://github.com/Cyfrin/2024-07-the-predicter/blob/839bfa56fe0066e7f5610197a6b670c26a4c0879/src/ScoreBoard.sol#L21

```

address owner;

Impact : Anyone can set or change the contract's owner after deployment, severely compromising the intended functionality. This poses a significant risk to the contract's funds, as the new owner can manipulate scoreboard functions and variables.

Tools Used : Manual Review

Recommendations : Change the address ownerstate variable to address private immutable owner to prevent the alteration of the owner variable after the deployment of contract.

Updates

Lead Judging Commences

NightHawK Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.