Submission Details
Severity: low
Invalid

Ensuring Unique Players in the ThePredicter Contract

Summary

In the ThePredicter contract, ensuring that the players array contains only unique addresses is crucial for maintaining the contract's integrity and functionality.

Vulnerability Details

The ThePredicter contract's register function allows players to register by sending an entrance fee. However, it does not currently check for duplicate registrations. This can lead to:

Duplicate Entries: Multiple entries of the same address in the players array, potentially causing issues with game logic and player management.
Inefficiencies: Processing and managing duplicate entries could lead to increased gas costs and reduced contract performance.

https://github.com/Cyfrin/2024-07-the-predicter/blob/main/src/ThePredicter.sol#L46

Impact

Functions relying on the uniqueness of players might behave incorrectly or fail if duplicates are present.

Recommendations

Implement a check in the register function to ensure that the player is not already registered. This prevents duplicate entries:

    function register() public payable {
        if (msg.value != entranceFee) {
            revert ThePredicter__IncorrectEntranceFee();
        }
        if (block.timestamp > START_TIME - 14400) {
            revert ThePredicter__RegistrationIsOver();
        }
        if (playersStatus[msg.sender] == Status.Pending) {
            revert ThePredicter__CannotParticipateTwice();
        }
        // Ensure the player is not already registered
        for (uint256 i = 0; i < players.length; i++) {
            if (players[i] == msg.sender) {
                revert ThePredicter__CannotParticipateTwice();
            }
        }
        playersStatus[msg.sender] = Status.Pending;
        players.push(msg.sender);
    }

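
The loop above re-reads every element of players on each registration, so the duplicate check itself grows more expensive as the array grows. As an added example (not code from this submission or from the ThePredicter repository), the same uniqueness rule can be enforced with a per-address slot index at constant gas cost. The contract name, playerSlot, isRegistered and playerCount are assumptions, and the registration deadline check is omitted to keep the sketch self-contained.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration, not ThePredicter's code. Contract, mapping and getter
/// names are assumptions; the error names mirror those in the snippet above.
contract UniqueRegistrationSketch {
    error ThePredicter__IncorrectEntranceFee();
    error ThePredicter__CannotParticipateTwice();

    uint256 public immutable entranceFee;
    address[] public players;

    // 0 means "never registered"; otherwise the index in `players` plus one.
    mapping(address => uint256) private playerSlot;

    constructor(uint256 fee) {
        entranceFee = fee;
    }

    function register() external payable {
        if (msg.value != entranceFee) {
            revert ThePredicter__IncorrectEntranceFee();
        }
        // Constant-gas membership test, independent of players.length.
        if (playerSlot[msg.sender] != 0) {
            revert ThePredicter__CannotParticipateTwice();
        }
        players.push(msg.sender);
        playerSlot[msg.sender] = players.length; // index + 1
    }

    // True once `who` has an entry in `players`.
    function isRegistered(address who) external view returns (bool) {
        return playerSlot[who] != 0;
    }

    // Number of unique registered addresses.
    function playerCount() external view returns (uint256) {
        return players.length;
    }
}
```

Storing index plus one lets the zero default double as "absent", and the stored index also allows a later swap-and-pop removal without scanning the array.
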
Updates

Lead Judging Commences

NightHawK Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
