First Flight #20: The Predicter
First Flight #20
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Invalid

Oracle issue

cryptedoji

Summary

Taking match results from centralized body breeds trusts issues and also puts reward funds at risk.

Vulnerability Details

what happens when he updates the 9th match result with the wrong result intentionally or mistakenly and some users take advantage of it and make withdrawals? this will lead to loss of rewards for some or other predicters. The worst is if he fails to update the 9th match (which is used to check user eligibility for withdrawal), then all reward funds will be stuck. loss of wallet could be a reason for this.

Impact

  • permanent loss of all reward funds due to 9th match result not updated.

  • wrong reward shares calculation will occur due to inaccurate result from Ivan leading to some players claiming reward more than they should.

Tools Used

  • manual review

  • thePredicter Docs

Recommendations

  • use a trusted and decentralized Oracle like Chainlink protocol to update accurate results of matches

Updates

Lead Judging Commences

NightHawK Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Appeal created

cryptedoji Submitter
over 1 year ago
NightHawK Lead Judge
over 1 year ago
NightHawK Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.